From 4eb7aaac21a86239244afbac42616700ee1203ef Mon Sep 17 00:00:00 2001 From: EnigmaCurry Date: Wed, 25 Oct 2023 11:41:04 -0600 Subject: [PATCH 1/5] basic mumble --- mumble/.env-dist | 21 +++++++++++++++ mumble/Makefile | 34 ++++++++++++++++++++++++ mumble/docker-compose.instance.yaml | 41 +++++++++++++++++++++++++++++ mumble/docker-compose.yaml | 24 +++++++++++++++++ mumble/mumble-server/Dockerfile | 16 +++++++++++ mumble/mumble-server/test.py | 23 ++++++++++++++++ traefik/.env-dist | 4 +++ traefik/config/setup.sh | 3 +++ traefik/config/traefik.yml | 4 +++ traefik/docker-compose.yaml | 3 +++ 10 files changed, 173 insertions(+) create mode 100644 mumble/.env-dist create mode 100644 mumble/Makefile create mode 100644 mumble/docker-compose.instance.yaml create mode 100644 mumble/docker-compose.yaml create mode 100644 mumble/mumble-server/Dockerfile create mode 100644 mumble/mumble-server/test.py diff --git a/mumble/.env-dist b/mumble/.env-dist new file mode 100644 index 00000000..1a4e7807 --- /dev/null +++ b/mumble/.env-dist @@ -0,0 +1,21 @@ +# The domain name for the mumble service: +MUMBLE_TRAEFIK_HOST=mumble.example.com +MUMBLE_VERSION=v1.4.230-6 + +# The name of this instance. If there is only one instance, use 'default'. +MUMBLE_INSTANCE= + +# Filter access by IP address source range (CIDR): +##Disallow all access: 0.0.0.0/32 +##Allow all access: 0.0.0.0/0 +MUMBLE_IP_SOURCERANGE=0.0.0.0/0 + +MUMBLE_SUPERUSER_PASSWORD= + +MUMBLE_VERBOSE=false + +## Mumble config +## All vars start with MUMBLE_CONFIG_ prefix +## See all config vars @ https://wiki.mumble.info/wiki/Murmur.ini +MUMBLE_CONFIG_WELCOME_TEXT="Yo welcome to mumble powered by d.rymcg.tech" +MUMBLE_CONFIG_CERT_REQUIRED=true \ No newline at end of file diff --git a/mumble/Makefile b/mumble/Makefile new file mode 100644 index 00000000..2ebc5b97 --- /dev/null +++ b/mumble/Makefile 
@@ -0,0 +1,34 @@
+ROOT_DIR = ..
+include ${ROOT_DIR}/_scripts/Makefile.projects
+include ${ROOT_DIR}/_scripts/Makefile.instance
+
+.PHONY: config-hook
+config-hook:
+#### This interactive configuration wizard creates the .env_{DOCKER_CONTEXT}_{INSTANCE} config file using .env-dist as the template:
+#### reconfigure_ask asks the user a question to set the variable into the .env file, and with a provided default value.
+#### reconfigure sets the value of a variable in the .env file without asking.
+#### reconfigure_htpasswd will configure the HTTP Basic Authentication setting the var name and with a provided default value.
+ @${BIN}/reconfigure_ask ${ENV_FILE} MUMBLE_TRAEFIK_HOST "Enter the mumble domain name" mumble${INSTANCE_URL_SUFFIX}.${ROOT_DOMAIN}
+ @${BIN}/reconfigure ${ENV_FILE} MUMBLE_INSTANCE=$${instance:-default}
+ @${BIN}/reconfigure_password ${ENV_FILE} MUMBLE_SUPERUSER_PASSWORD
+ @echo ""
+
+.PHONY: override-hook
+override-hook:
+#### This sets the override template variables for docker-compose.instance.yaml:
+#### The template dynamically renders to docker-compose.override_{DOCKER_CONTEXT}_{INSTANCE}.yaml
+#### These settings are used to automatically generate the service container labels, and traefik config, inside the template.
+#### The variable arguments have three forms: `=` `=:` `=@`
+#### name=VARIABLE_NAME # sets the template 'name' field to the value of VARIABLE_NAME found in the .env file
+#### # (this hardcodes the value into docker-compose.override.yaml)
+#### name=:VARIABLE_NAME # sets the template 'name' field to the literal string 'VARIABLE_NAME'
+#### # (this hardcodes the string into docker-compose.override.yaml)
+#### name=@VARIABLE_NAME # sets the template 'name' field to the literal string '${VARIABLE_NAME}'
+#### # (used for regular docker-compose expansion of env vars by name.)
+ @${BIN}/docker_compose_override ${ENV_FILE} project=:mumble instance=@MUMBLE_INSTANCE traefik_host=@MUMBLE_TRAEFIK_HOST ip_sourcerange=@MUMBLE_IP_SOURCERANGE
+
+
+.PHONY: shell
+shell:
+ @make --no-print-directory docker-compose-shell SERVICE=mumble COMMAND=/bin/bash
+
diff --git a/mumble/docker-compose.instance.yaml b/mumble/docker-compose.instance.yaml
new file mode 100644
index 00000000..015f9617
--- /dev/null
+++ b/mumble/docker-compose.instance.yaml
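Review bot: config-hook never prompts for MUMBLE_IP_SOURCERANGE, so every configured instance keeps the template default `0.0.0.0/0`, and the ipwhitelist value that override-hook passes on (`ip_sourcerange=@MUMBLE_IP_SOURCERANGE`) admits any source address. Adding `@${BIN}/reconfigure_ask ${ENV_FILE} MUMBLE_IP_SOURCERANGE "Enter the allowed client IP range (CIDR)" 0.0.0.0/0` after the host prompt would make the operator confirm that choice during `make config`. The header comment in config-hook still describes `reconfigure_htpasswd`, which this hook does not call, while `reconfigure_password`, which it does call, is not described; the comment should name the helper that actually sets MUMBLE_SUPERUSER_PASSWORD and say what it does.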
@@ -0,0 +1,41 @@
+#! This is a ytt template file for docker-compose.override.yaml
+#! References:
+#! https://carvel.dev/ytt
+#! https://docs.docker.com/compose/extends/#adding-and-overriding-configuration
+#! https://github.com/enigmacurry/d.rymcg.tech#overriding-docker-composeyaml-per-instance
+
+#! ### Standard project vars:
+#@ load("@ytt:data", "data")
+#@ project = data.values.project
+#@ instance = data.values.instance
+#@ context = data.values.context
+#@ traefik_host = data.values.traefik_host
+#@ ip_sourcerange = data.values.ip_sourcerange
+#@ enabled_middlewares = []
+
+#@yaml/text-templated-strings
+services:
+ mumble:
+ #@ service = "mumble"
+ labels:
+ #! Services must opt-in to be proxied by Traefik:
+ - "traefik.enable=true"
+
+ #! 'router' is the fully qualified key in traefik for this router/service: project + instance + service
+ #@ router = "{}-{}-{}".format(project,instance,service)
+
+ #! Mumble TCP:
+ - "traefik.tcp.routers.(@= router @).rule=HostSNI(`*`)"
+ - "traefik.tcp.routers.(@= router @).entrypoints=mumble"
+ #@ enabled_middlewares.append("{}-ipwhitelist".format(router))
+ - "traefik.tcp.middlewares.(@= router @)-ipwhitelist.ipwhitelist.sourcerange=(@= ip_sourcerange @)"
+
+ #! Mumble UDP:
+ #!- "traefik.udp.routers.(@= router @).rule=Host(`*`)"
+ #!- "traefik.udp.routers.(@= router @).entrypoints=mumble"
+ #!#@ enabled_middlewares.append("{}-ipwhitelist".format(router))
+ #!- "traefik.udp.middlewares.(@= router @)-ipwhitelist.ipwhitelist.sourcerange=(@= ip_sourcerange @)"
+
+ #! Apply all middlewares (do this at the end!)
+ - "traefik.tcp.routers.(@= router @).middlewares=(@= ','.join(enabled_middlewares) @)"
+ #! - "traefik.udp.routers.(@= router @).middlewares=(@= ','.join(enabled_middlewares) @)"
diff --git a/mumble/docker-compose.yaml b/mumble/docker-compose.yaml
new file mode 100644
index 00000000..fbe15dd2
--- /dev/null
+++ b/mumble/docker-compose.yaml
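Review bot: The TCP router matches every connection on the `mumble` entrypoint (its rule is the HostSNI wildcard), so `traefik_host` is loaded at the top of the template but never used, and a second instance would render the same catch-all rule on the same entrypoint. Since the stream is passed through as plain TCP, the server behind Traefik presumably sees the proxy's address as the peer for every client; if so, any per-address ban or rate limit inside Mumble would hit all users at once and the ipwhitelist middleware is the only address-based control, which is worth confirming. A comment above the rule such as `#! Plain TCP passthrough: one instance per entrypoint; source filtering happens only in the ipwhitelist middleware` would record that. No `loadbalancer.server.port` label is set in the visible labels, so the backend port is left to the provider's auto-detection.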
@@ -0,0 +1,24 @@
+version: "3.9"
+
+services:
+ mumble:
+ build:
+ context: mumble-server
+ args:
+ MUMBLE_VERSION: "${MUMBLE_VERSION}"
+ security_opt:
+ - no-new-privileges:true
+ cap_drop:
+ - ALL
+ sysctls:
+ - net.ipv4.ip_unprivileged_port_start=1024
+ restart: unless-stopped
+ environment:
+ - MUMBLE_VERBOSE
+ - MUMBLE_SUPERUSER_PASSWORD
+ - MUMBLE_CONFIG_WELCOME_TEXT
+ - MUMBLE_CONFIG_CERT_REQUIRED
+ # All labels are defined in the template: docker-compose.instance.yaml
+ # The labels will merge together here from the template output:
+ # docker-compose.override_{DOCKER_CONTEXT}_{INSTANCE}.yaml
+ labels: []
diff --git a/mumble/mumble-server/Dockerfile b/mumble/mumble-server/Dockerfile
new file mode 100644
index 00000000..002baa2a
--- /dev/null
+++ b/mumble/mumble-server/Dockerfile
@@ -0,0 +1,16 @@
+ARG MUMBLE_VERSION
+FROM mumblevoip/mumble-server:${MUMBLE_VERSION}
+USER root
+RUN apt-get update && \
+ apt install -y python3 python3-pip python-is-python3 build-essential \
+ libssl-dev libbz2-dev git wget && \
+ pip install zeroc-ice && \
+ mkdir /home/mumble && \
+ chown -R mumble:mumble /home/mumble
+
+USER mumble
+WORKDIR /home/mumble
+ENV PATH=/home/mumble/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+RUN wget https://raw.githubusercontent.com/mumble-voip/mumble/1adbe6d9db7bc82234a563c91a5f8772ec0d5811/src/murmur/MumbleServer.ice && slice2py MumbleServer.ice
+COPY --chown=mumble test.py .
+
diff --git a/mumble/mumble-server/test.py b/mumble/mumble-server/test.py
new file mode 100644
index 00000000..0d494b93
--- /dev/null
+++ b/mumble/mumble-server/test.py
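Review bot: No volume is declared for the `mumble` service in this hunk, so the server database, which holds the registrations, groups and ACLs that are edited through the client at runtime, would live only in the container's writable layer or an anonymous volume. If the container is recreated, the server would presumably come back with its open defaults and silently lose any lock-down; a named volume on the image's data directory (path to be confirmed against the `mumblevoip/mumble-server` image) avoids that. `MUMBLE_SUPERUSER_PASSWORD` is passed as a plain environment variable, so it is readable through `docker inspect` by anyone with access to the Docker socket; a comment next to it saying so would help operators protect the env file accordingly. The `no-new-privileges:true` and `cap_drop: ALL` settings are worth keeping as they are.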
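Review bot: The single `RUN` layer leaves `build-essential`, `git`, `wget` and the `-dev` packages in the runtime image and installs `zeroc-ice` unpinned, so the network-facing container carries a compiler toolchain and whatever package version is current at build time. Pinning the package, `pip install --no-cache-dir zeroc-ice==<PINNED_VERSION>`, and ending the layer with `apt-get purge -y build-essential git wget && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*` (or doing the build in a separate stage) would make builds reproducible and reduce what is available inside the container; note that `wget` is still used by the later `RUN`, so that download would have to move into the root layer first. The layer also mixes `apt-get update` with `apt install`; `apt-get install -y --no-install-recommends` is the form meant for scripts. The `MumbleServer.ice` download is pinned to a commit hash, which is good, while `ARG MUMBLE_VERSION` has no default, so a build without the argument presumably fails on an empty tag.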
@@ -0,0 +1,23 @@ +import sys, Ice +import MumbleServer + +with Ice.initialize(sys.argv) as communicator: + base = communicator.stringToProxy("Meta:tcp -h 127.0.0.1 -p 6502") + + meta = MumbleServer.MetaPrx.checkedCast(base) + if not meta: + raise RuntimeError("Invalid proxy") + + servers = meta.getAllServers() + + if len(servers) == 0: + print("No servers found") + + for currentServer in servers: + if currentServer.isRunning(): + print( + "Found server (id=%d):\tOnline since %d seconds" + % (currentServer.id(), currentServer.getUptime()) + ) + else: + print("Found server (id=%d):\tOffline" % currentServer.id()) diff --git a/traefik/.env-dist b/traefik/.env-dist index 1913c8e7..6e54b7e7 100644 --- a/traefik/.env-dist +++ b/traefik/.env-dist @@ -144,6 +144,10 @@ TRAEFIK_SNAPCAST_ENTRYPOINT_PORT=1704 TRAEFIK_SNAPCAST_CONTROL_ENTRYPOINT_ENABLED=false TRAEFIK_SNAPCAST_CONTROL_ENTRYPOINT_HOST=0.0.0.0 TRAEFIK_SNAPCAST_CONTROL_ENTRYPOINT_PORT=1705 +## Mumble +TRAEFIK_MUMBLE_ENTRYPOINT_ENABLED=false +TRAEFIK_MUMBLE_ENTRYPOINT_HOST=0.0.0.0 +TRAEFIK_MUMBLE_ENTRYPOINT_PORT=64738 ## Wireguard VPN server: TRAEFIK_VPN_ENABLED=false diff --git a/traefik/config/setup.sh b/traefik/config/setup.sh index 348d9297..b6b8ab22 100644 --- a/traefik/config/setup.sh +++ b/traefik/config/setup.sh @@ -74,6 +74,9 @@ ytt_template() { -v error_handler_403_service="${TRAEFIK_ERROR_HANDLER_403_SERVICE}" \ -v error_handler_404_service="${TRAEFIK_ERROR_HANDLER_404_SERVICE}" \ -v error_handler_500_service="${TRAEFIK_ERROR_HANDLER_500_SERVICE}" \ + -v mumble_entrypoint_enabled="${TRAEFIK_MUMBLE_ENTRYPOINT_ENABLED}" \ + -v mumble_entrypoint_host="${TRAEFIK_MUMBLE_ENTRYPOINT_HOST}" \ + -v mumble_entrypoint_port="${TRAEFIK_MUMBLE_ENTRYPOINT_PORT}" \ --data-value-yaml header_authorization_groups="${TRAEFIK_HEADER_AUTHORIZATION_GROUPS}" \ > ${dst} success=$? diff --git a/traefik/config/traefik.yml b/traefik/config/traefik.yml index 02eeb998..c3c8f222 100644 --- a/traefik/config/traefik.yml 
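Review bot: The proxy `Meta:tcp -h 127.0.0.1 -p 6502` is called without any Ice secret in the request context, so this script can only work against a server whose Ice endpoint accepts unauthenticated calls. Murmur has the `icesecretread` and `icesecretwrite` settings for this; if the endpoint is enabled in the container, it would be safer to set them and have the script take the secret from the environment than to rely on the loopback bind alone. The `No servers found` branch only prints, so the script exits 0 in that case; exiting non-zero there would make it usable as a health check. A module docstring is missing: it should say that this is a connectivity check for the Ice admin interface and how Ice is expected to be enabled in the server config.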
+++ b/traefik/config/traefik.yml @@ -154,3 +154,7 @@ entryPoints: web_plain: address: #@ data.values.web_plain_entrypoint_host + ":" + data.values.web_plain_entrypoint_port #@ end + #@ if data.values.mumble_entrypoint_enabled == "true": + mumble: + address: #@ data.values.mumble_entrypoint_host + ":" + data.values.mumble_entrypoint_port + #@ end diff --git a/traefik/docker-compose.yaml b/traefik/docker-compose.yaml index 0459abbd..aaf76965 100644 --- a/traefik/docker-compose.yaml +++ b/traefik/docker-compose.yaml @@ -89,6 +89,9 @@ services: - TRAEFIK_ERROR_HANDLER_404_SERVICE - TRAEFIK_ERROR_HANDLER_500_SERVICE - TRAEFIK_HEADER_AUTHORIZATION_GROUPS + - TRAEFIK_MUMBLE_ENTRYPOINT_ENABLED=${TRAEFIK_MUMBLE_ENTRYPOINT_ENABLED:-false} + - TRAEFIK_MUMBLE_ENTRYPOINT_HOST=${TRAEFIK_MUMBLE_ENTRYPOINT_HOST:-0.0.0.0} + - TRAEFIK_MUMBLE_ENTRYPOINT_PORT=${TRAEFIK_MUMBLE_ENTRYPOINT_PORT:-64738} traefik: profiles: - default From 5fc0bbc705af6dc57f61d70538b0e31e33ce6ed6 Mon Sep 17 00:00:00 2001 From: EnigmaCurry Date: Wed, 25 Oct 2023 11:53:23 -0600 Subject: [PATCH 2/5] mumble entrypoint docs --- README.md | 1 + traefik/README.md | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7ad1fc8c..deffbf9f 100644 --- a/README.md +++ b/README.md @@ -203,6 +203,7 @@ configured, you may need to open these ports in your firewall: | TLS | TCP | 8883 | Traefik MQTT (TLS) entrypoint | | WebRTC | UDP | 10000 | Jitsi Meet video bridge (direct-map) | | VPN | UDP | 51820 | Wireguard (Traefik VPN) (direct-map) | +| TCP socket | TCP | 64738 | Traefik Mumble (VoIP) entrypoint | The ports that are listed as `(direct-map)` are not connected to Traefik, but are directly exposed (public) to the docker host network. diff --git a/traefik/README.md b/traefik/README.md index 0fa6b4b2..c70a41a6 100644 --- a/traefik/README.md +++ b/traefik/README.md 
@@ -611,9 +611,12 @@ Traefik [.env](.env-dist) file : | `TRAEFIK_PLUGIN_MAXMIND_GEOIP` | (bool) Enable GeoIP plugin | `false`, `true` | | `TRAEFIK_ROOT_DOMAIN` | The default root domain of every service | `d.rymcg.tech` | | `TRAEFIK_SEND_ANONYMOUS_USAGE` | (bool) Whether to send usage data to Traefik Labs | `false`, `true` | -| `TRAEFIK_SNAPCAST_ENTRYPOINT_ENABLED` | (bool) Enable snapcast (unencrypted) entrypoint | | +| `TRAEFIK_SNAPCAST_ENTRYPOINT_ENABLED` | (bool) Enable snapcast (unencrypted) entrypoint | `false`,`true` | | `TRAEFIK_SNAPCAST_ENTRYPOINT_HOST` | Host ip address to bind snapcast entrypoint | `0.0.0.0` | | `TRAEFIK_SNAPCAST_ENTRYPOINT_PORT` | Host TCP port to bind snapcast entrypoint | `1704` | +| `TRAEFIK_MUMBLE_ENTRYPOINT_ENABLED` | (bool) Enable mumble entrypoint | `false`,`true` | +| `TRAEFIK_MUMBLE_ENTRYPOINT_HOST` | Host ip address to bind mumble entrypoint | `0.0.0.0` | +| `TRAEFIK_MUMBLE_ENTRYPOINT_PORT` | Host TCP port to bind mumble entrypoint | `64738` | | `TRAEFIK_SSH_ENTRYPOINT_ENABLED` | (bool) Enable ssh (port 2222) entrypoint | `true`,`false` | | `TRAEFIK_SSH_ENTRYPOINT_HOST` | Host ip address to bind ssh entrypoint | `0.0.0.0` | | `TRAEFIK_SSH_ENTRYPOINT_PORT` | Host TCP port to bind ssh entrypoint | `2222` | From 3e4ffaef8df49efc528f3251158b47c5ba6c373a Mon Sep 17 00:00:00 2001 From: EnigmaCurry Date: Thu, 26 Oct 2023 17:28:45 -0600 Subject: [PATCH 3/5] mumble stuff --- mumble/.env-dist | 6 +- mumble/Makefile | 21 ++- mumble/README.md | 210 ++++++++++++++++++++++++++ mumble/client.sh | 35 +++++ mumble/doc/01-connected-superuser.jpg | Bin 0 -> 101189 bytes mumble/docker-compose.yaml | 3 + 6 files changed, 273 insertions(+), 2 deletions(-) create mode 100644 mumble/README.md create mode 100755 mumble/client.sh create mode 100644 mumble/doc/01-connected-superuser.jpg diff --git a/mumble/.env-dist b/mumble/.env-dist index 1a4e7807..43cc3592 100644 --- a/mumble/.env-dist +++ b/mumble/.env-dist 
@@ -18,4 +18,8 @@ MUMBLE_VERBOSE=false ## All vars start with MUMBLE_CONFIG_ prefix ## See all config vars @ https://wiki.mumble.info/wiki/Murmur.ini MUMBLE_CONFIG_WELCOME_TEXT="Yo welcome to mumble powered by d.rymcg.tech" -MUMBLE_CONFIG_CERT_REQUIRED=true \ No newline at end of file + +## All users are required to use client certificates: +MUMBLE_CONFIG_CERT_REQUIRED=true +## All users are placed in the Root channel (id=0) by default: +MUMBLE_CONFIG_DEFAULT_CHANNEL=0 diff --git a/mumble/Makefile b/mumble/Makefile index 2ebc5b97..8e81ea5b 100644 --- a/mumble/Makefile +++ b/mumble/Makefile @@ -1,5 +1,5 @@ ROOT_DIR = .. -include ${ROOT_DIR}/_scripts/Makefile.projects +include ${ROOT_DIR}/_scripts/Makefile.projects-no-open include ${ROOT_DIR}/_scripts/Makefile.instance .PHONY: config-hook @@ -32,3 +32,22 @@ override-hook: shell: @make --no-print-directory docker-compose-shell SERVICE=mumble COMMAND=/bin/bash +.PHONY: open +open: + @echo "##" + @echo "## Download the mumble client from your package manager" + @echo "## or from https://www.mumble.info/" + @echo "##" + @echo "## Use your mumble client to connect to your server:" + @echo "## address: $$(${BIN}/dotenv -f ${ENV_FILE} get MUMBLE_TRAEFIK_HOST)" + @echo "## port: $$(${BIN}/dotenv -f ../traefik/.env_${DOCKER_CONTEXT}_default get TRAEFIK_MUMBLE_ENTRYPOINT_PORT)" + @echo "## username: SuperUser" + @echo "## password: $$(${BIN}/dotenv -f ${ENV_FILE} get MUMBLE_SUPERUSER_PASSWORD)" + @echo "##" + @echo "## Open access and user registration is enabled by default!" + @echo "## Use the SuperUser account to edit the global ACLs to change these defaults." + @echo "##" + +.PHONY: client +client: + @./client.sh diff --git a/mumble/README.md b/mumble/README.md new file mode 100644 index 00000000..73a0cdb2 --- /dev/null +++ b/mumble/README.md 
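Review bot: The `open` target prints the SuperUser password in clear text (`@echo "## password: $$(${BIN}/dotenv -f ${ENV_FILE} get MUMBLE_SUPERUSER_PASSWORD)"`), so it ends up in terminal scrollback, screen shares and any log that captures `make` output. Moving that lookup to its own target, e.g. `superuser-password:`, and leaving `open` with `@echo "## password: run 'make superuser-password' to display it"` keeps the connection hint without disclosing the secret by default. The port lookup hard-codes `../traefik/.env_${DOCKER_CONTEXT}_default` where the rest of the file uses `${ROOT_DIR}`, and if that file is missing the line presumably prints an empty port. The closing echo lines say open access and registration are enabled by default; together with `MUMBLE_IP_SOURCERANGE=0.0.0.0/0` a fresh install is joinable by anyone who can reach the port until the ACLs are edited, which deserves a line in the `.env-dist` comments as well.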
@@ -0,0 +1,210 @@ +# mumble + +[Mumble](https://www.mumble.info/) is a low latency group voice chat system. + +## Setup + +``` +make config +``` + +## Install + +``` +make install +``` + + +## Background info on Mumble + +Here is some knowledge dump about Mumble that you may want to know: + + * Mumble has Channels, and Users, that form a hierachical tree/list + structure. + * Channels are audio rooms where users in the same room can speak +(VoIP audio) and/or type text to one another. + * The `Root` channel holds *all* the channels and users. The `Root` + is at the top, and everything else is below it. + * Channels can be nested, to support sub-channels, and sub-channels + can have sub-sub-channels, and so-on. Channels may be moved + (dragged) around in the hierarchy as desired. The `Root` channel is + the only channel that cannot be moved, nor renamed (apparently).\ + * Users are free (by default) to traverse this entire tree and to + visit any channel in the structure. While users can only be "in" a + single room at a time, they may "listen" to more than one one at + the same time. Users can only speak into the room that they are + currently "in" (but an admin may also link a channel audio + together.) + * Channels may be removed, and if they have sub-channels, they will + be removed as well. If there are users currently in any of these + channels, they will be moved into the parent channel (or the + closest grand-parent that isn't being removed for deeper + sub-trees). + * By default, anyone may freely join the server, and register their + own username. Clients automatically generate a certificate which + identities the registered user. + * The `SuperUser` can create groups and organize users and apply + Access Control Lists (ACLs) to limit/grant what these groups are + allowed to do, and where they can go, on the server. + * ACLs work top-to-bottom, where the top is applied first, and then + the bottom rows overwrite the rules above it. 
Another way to think + about it, is that the rule on the *bottom* has the *highest* + priority. + * The `SuperUser` can create new channels, and these will stay + permanently in the list (unless deleted). + * By default, all users can can freely create Temporary channels, + which are created ephemerally, and automatically removed once the + last user leaves the channel. + * The user that creates a channel, becomes the administrator of that + channel, and this gives that user broad control to edit the + permissions of that channel, and its sub-channels. However, no + sub-channel may override the global permissions set by the + `SuperUser`. + * There are actually two different types of users: + * Unregistered users + * Registered users + * Unregistered users may not create any channels, however, by + default, unregistered users are allowed to register themselves (by + right clicking their name and selecting `Register`). + * By default, any registered user is allowed to create Temporary + channels. + +## Manual Server Configuration + +There is not much in the way of customization from the `.env` file, as +most of the mumble configuration is designed to be done at runtime +with the GUI client, and using the `SuperUser` account to do it. This +could probably be automated somehow so that configuration from the +`.env` file would make an API call to the mumble RPC service to make +the configured changes automatically... but I haven't figured out how +to do that yet. (Contrary to how most d.rymcg.tech apps are +configured, this ad-hoc configuration, and delegation, from the client +itself could be a powerful and flexible asset, so lets roll with it, +and just document the process.) + +For now, these are the instructions for *manually* configuring a +secure mumble service: + + * Get the `SuperUser` credentials, run: `make open`. 
+ * In your mumble client create a new server configuration: + * Enter the address, port, username, and password printed from the + output of `make open`. + * Don't use the default label (Which only includes the server name + by default), instead give it a good name like + `SuperUser@my_server`, so that you can tell this config apart + from other configs you will create later. + * Connect to the `SuperUser@my_server` account. + +You should now find yourself logged in, and see yourself as the +`SuperUser` (in bold text, to indicate yourself, I think) and you are +placed, alone, in a list directly beneath a `Root` node: + +![Connected as the SuperUser](doc/01-connected-superuser.jpg) + + +### Locking down privileges + +For this example, lets lock down the server a bit, to limit what newly +created users are allowed to do. + + * Right click on the `Root` node to open the context menu, and then + select `Edit...`. This will open the `Root` channel edit window. + * Click on the `ACL` tab. + * The list of `Active ACLs` shows all the rules that govern the + `Root` channel, and all the channels that will be created below it. + This includes a default configuration, but for this demonstration + we will remove it all and start from scratch. + * The very top of the `Active ACLs` list has the `@all` item in + italics, this is the default ACL and it cannot be removed or + deleted. It is always at the top, and therefore always has the + *lowest* priority. + * Go ahead and delete all the other ACLs below it. (In my case I see + `@admin`, `@auth`, `@all` [a second one]). Click each one, and + press the `Remove` button, in turn. At the end you should see just + the single `@all` item (in italics) which is the one you can't + remove. + * To override the default, you will now create a new ACL below it + (below means *higher* priority): Make sure the `Inherit ACLs` is + left unchecked, and then click the `Add` button, and a new `@all` + item will appear beneath it. 
+ * With the new `@all` ACL selected, you can choose new Permissions in + the list on the right side: + * Click on the `Deny` column for everything in the permissions + list, *except* for the following: + * Allow `Traverse`. + * Allow `Register Self`. + * Click `OK` to close the window. + +To recap: at this point you have created an ACL for the `Root` node +that denies all users from doing practically everything: + + * Anyone may still join the server, using any username they want. + * However, they can only join the Root channel, and they won't be + able to speak, nor listen, nor text, nor even leave this channel. + They will be able to see the other users and channels in the list, + and that's about it. All users (except the `SuperUser`) are now + effectively stuck in the Root channel and they can't do anything or + move. + * Create a new connection profile in your mumble client to verify this: + * Use the same hostname, and port you used before. + * Make up a brand new username. + * *Do not enter a password!* (A client certificate will be + automatically created and used instead; only the `SuperUser` + account requires a password.) + * Give it a good label, like `username@my_server`. + * Try conecting with the new user, and verify that the user cannot + do very much, or move around. + * One thign the user *can* do, is register. In the top bar of the + client click on `Self` and then click `Register...`. + * Register your new user, and your user will own the username you + chose from that point onward. + +It will be useful at this point to have two clients, one to login with +the `SuperUser` and the other to login with your test user. If you +also need to test more than one test user, you will need to use +another supported device (eg. +[Mumla](https://f-droid.org/en/packages/se.lublin.mumla/) for +Android). 
+ +### Build new privilege ACLs from scratch + +Log back in as the `SuperUser@my_server`, and you can start to build a +new set of ACLs to allow your users to start doing some stuff: + + * Right click the `Root` channel, click on `Edit...` + * Open the `Group` tab. In the `Group` dropdown, you type in it to + create a new group. Create a new group called `users` to represent + a basic group of authenticated users. + * Underneath the `Members` list, there is another dropdown next to + the `Add` button. Type the names of all the users you wish to add + to the `users` group (these users need to be registered first), and + click `Add` for each one. If the username appears in italics, then + this username hasn't been registered, and you won't be able to save + the usernames that aren't registered. Add the test user that you + created before to the `users` group. + +Now we will create a new ACL for the `users group`: + + * Click on the `ACL` tab in the `Root` channel `Edit...` window. + * Click the `Add` button and a new item will appear in the `Active + ACLs` list. (Initially the new item is called `@all`, similar to + the one above it.) + * In the `User/Group` menu, select the `Group` for the new ACL: + select `users`, and you will see that the ACL has also been renamed + to `@users`. + * Make sure both of the checkboxes are checked for this ACL: + * `Applies to sub-channels` should be checked. + * `Applies to this channel` should be checked. + * Select these Permissions for the `@users` ACL: + * Allow `Enter` (this allows users to enter this channel) + * Allow `Speak` (this allows users to speak in channels (audio)) + * Allow `Whisper` (this allows users to speak directly to other channel users) + * Allow `Text Message` (this allows users to type text to the channel) + * Allow `Make temporary` (this allows users to create temporary + sub-channels inside this one) + * Allow `Listen` (this allows users to listen to this channel) + * Click `OK` to close the edit window. 
+ * Now you should find that the test user that is added to the `users` + group can do all of those things that the ACL grants them. + + diff --git a/mumble/client.sh b/mumble/client.sh new file mode 100755 index 00000000..19e76929 --- /dev/null +++ b/mumble/client.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +set -e +BIN=../_scripts +source ${BIN}/funcs.sh + +ACCOUNT=$1; +check_var ACCOUNT + +## Create a new config and database directories: +NEW_CONFIG="${HOME}/.config/Mumble/${ACCOUNT}" +NEW_DATA="${HOME}/.local/share/Mumble/${ACCOUNT}" +mkdir -p "${NEW_CONFIG}" +mkdir -p "${NEW_DATA}" + +if [[ ! -f "${NEW_CONFIG}/mumble_settings.json" ]]; then + ## Create a new config with the correct new database location: + echo "{}" | jq ".misc.database_location = \"${NEW_DATA}/mumble.sqlite\"" \ + | jq ".settings_version = 1" \ + | jq ".ui.theme_style = \"Dark\"" \ + | jq ".mumble_has_quit_normally = true" \ + | jq ".misc.audio_wizard_has_been_shown = true" \ + | jq ".misc.viewed_server_ping_consent_message = true" \ + | jq ".ui.disable_public_server_list = true" \ + > "${NEW_CONFIG}/mumble_settings.json" +fi + +touch "${NEW_DATA}/mumble.sqlite" + +cat "${NEW_CONFIG}/mumble_settings.json" | jq ".certificate" | md5sum + +## Launch mumble client using the new config: +mumble -c "${NEW_CONFIG}/mumble_settings.json" + +cat "${NEW_CONFIG}/mumble_settings.json" | jq ".certificate" | md5sum 
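Review bot: In client.sh, `ACCOUNT` comes straight from `$1` and is pasted into `${HOME}/.config/Mumble/${ACCOUNT}` and, through the double-quoted jq program, into the filter text itself, so a name containing `/`, `..` or a `"` escapes the intended directory or changes the jq filter. The profile directory holds the client certificate (presumably with its private key), yet it is created under the caller's default umask, and the two `md5sum` lines print a digest of the `.certificate` field on every run, which looks like leftover debugging. The rewrite below validates the name, creates the directories under `umask 077` and builds the settings with one `jq -n --arg` call. Separately, `set -e` does not cover failures inside the pipelines without `-o pipefail`, and `source ${BIN}/funcs.sh` only resolves when the script is started from the `mumble/` directory.

```shell
ACCOUNT=$1;
check_var ACCOUNT
## Accept only a plain profile name (no '/', no leading '.'):
if [[ ! "${ACCOUNT}" =~ ^[A-Za-z0-9_@-][A-Za-z0-9_.@-]*$ ]]; then
    echo "Invalid account name: use letters, digits, '_', '.', '@', '-'" >&2
    exit 1
fi

## … unchanged: NEW_CONFIG / NEW_DATA assignments …
## The profile stores the client certificate; keep it private to this user:
umask 077
mkdir -p "${NEW_CONFIG}" "${NEW_DATA}"

if [[ ! -f "${NEW_CONFIG}/mumble_settings.json" ]]; then
    ## Pass the path as data (--arg) instead of splicing it into the filter:
    jq -n --arg db "${NEW_DATA}/mumble.sqlite" '
        .misc.database_location = $db
        | .settings_version = 1
        | .ui.theme_style = "Dark"
        | .mumble_has_quit_normally = true
        | .misc.audio_wizard_has_been_shown = true
        | .misc.viewed_server_ping_consent_message = true
        | .ui.disable_public_server_list = true
    ' > "${NEW_CONFIG}/mumble_settings.json"
fi
## … unchanged: touch of mumble.sqlite and the mumble -c launch …
```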
diff --git a/mumble/doc/01-connected-superuser.jpg b/mumble/doc/01-connected-superuser.jpg new file mode 100644 index 0000000000000000000000000000000000000000..817c7be5b7f7bd07d43e60354ef516fd20f2f513 GIT binary patch literal 101189 zcmeFZ1z26lwlH|m;BJB71c%@n+}+*X-GWPScXxMpO_1R3?hrh|ojIiMz1^?>cVG9+ zH}9K&-c04N_o`K^WUZK~fGS{bq~~a4NZ?}T zXi6X=CMEl_1zIg8AfO{FFC#1_DFmbj06?=X4Xhl%c>w?`Ye#!|5q<(yHFbhF`v4dK zHUI*^1|ZWjaIoc*m6Zhi+jKn#0Ja1GOw+u!^>4}k^8$E7BL@Qj0E7To%xhq4?+Ao- zfiR1UqwOo44201PO!W+ba5)gBwg(On2rs02`RvTLEd9fHWkAR@T7wK~;Z)4PRl8SJ=wZ2{^W2>6Jq`BWooE;F|>a_YNQe z5Ccd7WB~*KeSj0d3}6Xx1keEA)N1^c@Y2r zuLc01P5=Nf8o$X6SoT^D$eRZM6oImm90dSUQUL%`6JXn#|AucUV1<9l?Z2e?hx}fa z0RjLpP|(*8Fo6R<5Ks^h;NTE2Z{9#c!NI`6!NS18!Xuy{!6P6ez``P7AR(iop`)Y2 zA!1@-pkbk)p`*Pv0s;oC0}cTV0RfE$4-1d>e>%N%1CXIW5x~BHfgl4wkwL(aL0)=+ z%zywu!CtlQUkMxn1Pl`N4HU2x2Z(tD+IIpo zluS-mF8)_Le+ewPtgNbqB&mg&hA@|Rn4M)PegDfk|0IC#EzYR1A-_)dBbk@{@=xqv zzFE@u6Ar&@pZq1^?*t$`b-}#bCyQ=RMeI9!F1_6iWJ2xAUalWd0iF!A%My}}whRY% zktrZ%m0B*`KWH$>6B-rRTiG8(%2Y55DzP8C#C_uq>(nOckE|Uu?>ty4r+j{I{Xc=S z7JCWouFo3W#g{y!6baQ?)LR|87)=45Eczd%?CWQzVrRjO%9iF#gmM#_#soF;hs84} z#?>3u%)YH-un|Ca#j1Dijs^w_#g zO4RE7z+LBjaP|F%Z}&6LNj&c_-*HOyrSL?pOjn^<-BOC~H&@>8VmyS$*J+!* zb>Uy;`(}-PnQy`N@dcpOw=r)qe-Wi{bYb;Th*O7W-xcr7y=eRA zr?nSA&c7YB)cmdGtJ^0>B{FJHQ@M;^n(^SaFjGQI)BcAZs_Pz5_uGxoN+$$qJJse)rHcAn1fa6*%>e#e@ z7OCg~3bd<{jF+>DbMMphS$3FbQz}Tj(?@M;TsPBuE`onMwyecIzqY7)pd}~mmIVY` z00|j%0dUE{JOD7jh4){$e26F$G=t3l)e;!CQ6Q|%mXAHoW@{w;+m64xvjvW6ry#S3 z^p#PPCN{>H#)sZ!4qep^s~^qx8HY~RanW3k)#_WT&#yD*rG`C;$FF01TzJ^r-DDL| zIS-kT$>5kzXlK8604Y%${h)PV$=*ucdS~v+(FxYb`-=Zh5?Idh7EX(s)7+B2lR9fR zhe2ZTjHm|qL1l23v6+W<4UN{_0qA9e2(!jDbLa^bk*wXEb<08WVrGJ9E>KFq^pyyD_5u3Dz0>FYB(`P+k=<=rixZ=9+sc&mN1NDT1 zG);fWiubie0l@KniyNLdn?YS&e!rKBrgQHB*U-XE#-Rc=dodDOdZ}R7Z+b zvSXrP>k6G$|u98|g~0i94Tv zjnQ3(YTsYRV&y&v-^fIUx#@#)M|EIRvgp`-)3CF;L{LBLH=6&&fq~JrTs#(Yak*u# z2Blrj;?4Iu>ChidK4`uJYWlEN#?$%bK}Cb$*5oPjmZPYQ@LfjrNUn)ztH~kFAx`l5 zvYXC!6~3FgM8=0QtK$6lgAm0Au3RQFhw<uiTg#X0dW;O>urnG(01CQbVZ0a(4@F 
z%R@q+{K$+YNp1tE53 zORvIEM9TUSvCmzq9Lz6_)6e+acG@W5{?OB(z&8Smy<9)9uja}}&bpU4-Bn`8#nKGy z5@RU59K_YvxfX1c3P_I<+3z_aOdaz%1@Szu&Z4ZuHdPK1_N*{(ijc=A*O$3C6tvYR ztdayW&WI?i%n!?~a7lVyL*y7rthvdur(#aDy|di790r}`vHsNkAF>ERb-_yZPIm=! z!P%gbC`J+zpXz~Y1ZX-0gOjKJLHKK({-M&Jz}FcQOT0M z?GxcXuOB*WoUHVw>M_NZ{k`6+75wsh_Ro+bS2{mFnR-%;TTexydU5hq3QM_}SouSu zZW0gbp6>7Df1{nIxGGDTY%Qf19IcsD8KLdCF{X`Ak~RcYxWOzXT4+>I-`>08g>$$U$Z_K8YuCF}jUIS4 z&VFb4c9vA+pZxuLXpROGp7cNlqkv?s8}(=VS~xdmKg}=3Q^G}W_ z;W}iF9U)w_jkooLS`E*4O2jqDp8r3q!K zyLPxfO!aWl=2BFkT3CZl{2KA!FhOy{^Cp=I>LxSFlSkIhm$B+XZ5;i>jpL>Ls`e4) z_7wNZD*JBq1`YBY%PI-&+Ioc@4nIW}1^t&~u|E&V2#zgGWuH~6N15+d09MN!>9 z;r@{2z#Aj1ODYtU*0(bs3Mr__m((709cY@g!Dg7MyecUluShdOrLjDbp{HTI$!w@$ zp}VU%{73!2(R5o1NE?-bkKBv+4)i!eflbbF) z$l}V3q1>+eXQP0>Zq z&CcIY^{l8mQn+D5rrx8(9o=<$N*V>V7}MYEKL#We08|eS04*r{*VZg>O*@62t^A-~ zlG4J=x#GUPT&KBK+GVlQ?Yx6F<_zA(d8l&sX1t5NQ49Tm3jRtvQxcU%eB}DO+M~18 zv_--xj@%N>hm2NL%Vo;uH0S~&r?v)m$upZtpkvEQu}J=F(YWp&PHI>%(g$bAPEr(K zn`uD!5s(^kA@5@Ae`_pDUN#>sh`lsiq@UXN(!VPHIBKZ87PnJIkDGnC0C z;-K0ys(o=AqPev_sx2EU@uhV)+T9D_fzGc$6L^62?-IzwwH=~|X9o$%Q4(k7bqmR* zQ5_dm8Ap9VxRh32WoayR`L^ccz8i(~RMMr#TB|3vS^ts5N2fT9((n77d*8psPpjQj zx|`)=ONQ-VG*6Gr0DJoDX$<1(2igJnZ_&VWAu+7ik7cjhSjn$Z{tZn81|gH|fx{}6 zQp`3c=F&po>Vwvmi*xfDY_fB@N2!Uis^a-$DXSMYU)MU|kG2e~-K-lNiTk$uxic{C zE@nEYIjDrKw9p$yjZ?4A<>yv88jkGi0DtXC-a9zn71Wb5^)?GjwnPksrwrBvPh*y{ z=X+vbElXGs;+$xStxGsevbdR;8Od4(*03| z`yQ^;XJj6&aE^mw1=J;;)pu}hoKxp@&O!kw7euT;1*<6Qx4V3zvi#J#L{oOEbk(F_ z{xiM-H~X)d3n0U{tQ&$%&SHpnO%79A|6m%0+Ne)YOE#K^o)L$q5S*caQ}|KYL&EV} zb4K;NX`EWHWel!RUgEG+tAdnCZv#;`DM|g`SaN~S(!=5!!ts+D+DZeGQ-9i#{MD`j% z|Bn=4n5)98{rrz@-K1V%r-%gsS zZ^mKJE4`2$JWW%Fnu9>LWNr+=f%W@~&5jCJyL#QLQ~M7IT=qX?|3e0qX&887Pmcru z1qB5G2VNI|fCCTqfk$KDpb!8MR7l`O0zDG4E(QSuBOM_L6El(Qdlp_&;5j}N@OU2t z0+hle_X3qYBz3U~!e={WL~@VR0hmqi9n&|VXH5Q|kASLMG-rXHTmOa_hz<>%0!O7x zSv+&t>OW7EXsc=MrHg+`8*zh5>*sOm`EB~^f`+HPSyTO2*D+}n6KF>Nly1pQQrkE- zv2>EL|H+82Fm6;?i+8o&3;Wl)Hx)8tjH86p?ZxATbAmOwU_m-Xpo06;L-U5utLy4% 
z@aDzwMU9R8VPEU@YRaa()%$W!;yT2al;z~uY4EaS1WT(#l;Qj{gb;OAxX2q9CI^kEx-s!kA zQK7e@$#ab}tXI>YNtHQ}44nDZiPY{@+;`i*16~hA)(O{YJ=g<6);>k^pYr#M$1)on z`t-$VjD4Ej+K-yCU4*tS!>HnNq3419>07r%gr;F^U3csE%A+Tw>H z)aQPlTKbjiE-@Cq;le2LAx{6!46dox2909VCQ%QJw&13VzL~{K+hf$87l5@eXXaQ9 z#`?S%o_f3s{0{R?q?v+*_S=gdZW|q|9-U7+=8LHV6Xs6aMYd^cos00E+kW{>SKk>N z8NXqq)&+L{>@_!>F%jhI-ALVeeEZ5f2Qyau_#p~t`KR7PqdVfugSDav{SG1b({bPD z-L6cK3Mdq`u%P6dpyvrP&}@jnddoMt&6mWv`q3+TrIR+2AG$gPZa2J(zP|t-2fVTP zg%Xe?!LeGElo3~%$68e4c_I~6J#p=G zxqYI{Knx#$Ob_~bKf7eNTiwmV10nMOJm=+i>F33*h;^nviv4k})0MlF~SjZZVd)Y70DT(8~&V@<=iWSexXtOp^=he1Nsj+LZ* z^xH29%st2)dITVn7VNsGGECVUvc2i!^P)9(1YmhGgE_WO~VKZi5f z9r|hi_dx;A`YX7-yK95&jiE8gPQu@FAu%G((ZydqL-ji(`bZ`9@=(Yc(qZkWAvwVL zx2TSX2N$uu03y4diORk&Ox+_8r61#PK{?WtTbcNcT?-ANycMXbFHtq>rFdMHBk93< zKV)yFAX)%|x&GY27wMkN?GMLkf;YMkcS#6T_xd|j2JM7G2{cuvjFKuVClN3!3`>J+ z@?q#nD$}K_#P=!D9y`LmST*j<3Bs$!@>TR30XB8w(L`nXCD=H~^6%(Bli*OV$8VC!ze}|{Xu~|iu8Fz# zFZw(#{Ur=fyt-mB-fEburRiPTsPImYWfBCHxn>HN^*~(TTI#S^B3zD#&zLTQyE#Z=rwDh z6BzC(`yhQvQrBWkjOn1-ub{0t%IxJRcOl;kpZIi0WIEJa&j-|xgeZxQod^#7JV#n2 zr4)e=uM|QID;FMS4yN|EJCG<5oRz)vw)Ik_ZD5eW(bLknm9x^^#s(s zedK>NABM@L5)9u;jf$*V)0%3tg*iC9rS8meQ$kH zmukNy*XkAXj|NM#NPe0A)SE8D25FMsyA4V-sNJE7yVBN_(dG4pr}VgUd41hVjp0Yb z3=1;k`p0?=78xk*4oHI;#NOINSm+w6p!cMetIph$S?`61!eF&qv*8^#uQ}%hy&ca| zE%uXB$ZE%}am+@yrNKHJMeKUGT~+Zk;4i);SFWOBce>HqcrHJ307bPcZdM<4a7{GV zY8K0S@2t(;>Y7DyzojCEjlw`B{wX}{a)%##Xlkj}oKeu^U>jUZKozE&W;#%pdLqT> z1t5ig+y`!$s>Stu-&3?#FU#)?{>0*1txgfnkgpG~GM_jwbb015PpF~1f6(A~z~P!f zw@Z(%Nse@Y;D0gnoHbX$EGg_WOBbJAQi>ZO*y@zQ&Yfw{=ICKxbFk1oI^=NsFk6&fjMZlQD_ub%UwBHgKY3BlF6dZZrM>rgrZ|wJIhTq1I%2e zDn93jXjRvV`j>TR0Tvg7=46}E)6q*MmkxijC2%J2)-ejHqiZ02@3AdHS`lxN;1m+i zKc0=KxPYlWoR|1eQ=K5s8Xhqm)qVJE#jTqYjG;_qiK|cZAf!I{lS2d#ZnI__v<7Sb z){E{KJ=cpz<-+VjdnRuhgA_fWUNH6BA^Pq907vRVAvo0#$nL#UPkvI?SN|Q+@(f7G3r@^3FkcY`PVL%T@I{v^Mf*wMEkdoUA zRHPDNVe}{N^=k9rurdQ}@j0raK|}HTb2a+tD33k~hLGsn{a*R^pHbiFatD)0U}8fi zu%Ykc3`xDAD;^OIeOK`G;aY9zApgU1Yb`%tUJBYh2oYV^ugN3Yxf1e^#oO#q^uL&z 
zeka%8hi=FMr7r4SU+nVS;7y=}*M6ur%EziUOPQRQFgDcifUYN;)0|^)4A+VwL&xzT z|5go5I*N%ua<7qF6w)}W#A=(>ZnB@iWwsBGt()@&ph*nD7 zcn;ehC!Cq1JF$Qs#>;Yyy$H2A8qPiJem*`xEC~)DCIKTu{}J~yA5WquJtxM1n1n+T zJ)5(=gg~_^8KJRRz_kj>cztHeV9mF$#R#3J3Kh&S zM>R1_s}*-~2_*lVLa;I-h@Rt#6IvQpSq?~0K@Tg0a8pDnJeW=qC#-Ysk)nv!@)I`- zC@vd(G*h=FjDmSm(Gm<19HcHdEm5PbI<51k)>))KG?@kzvbl7ZU-7IR&F~#=*T4@sMIsIj~{*YG30%8_6R>4wuQL zEI{sdRcEwld~X)0;)KzC@@l-n%vd!lI!I7@n6QXJZcIe&C4$w?b+3_Vj#`k6T27n0 z!(|oSTmHH@$6(~i>3LzV3X-Fosp@6_11+;q`dR4>@_-*G1;l}9PHEMTe*Z;SnOU)2 z(RCdvrFzFad8pP8>qyRf;+&9{m)h4asYIat_xiI_4J8=d`5t$(d_qFQ5r>Dd6 zNAtaXdL8twvh1nkSE8M#8vmlI9059+bIR96#Q6R|-LOXJv)EGV^}M1j%cSu)9{up@ z45R`)PLz>iZhKbLUb|n zzWKIrLA-@8fOjLNBpo6gXt2yNC|>|srubrFs6spoQvsq~P2b2OZmobL8W^NkOf-~5 z$>I_p1%-7E?ZQKvi(ZH^4Pv_hs)d$JabsxUzN$HC@=T@XHot6#F)DhY$hRAEO4u(S z-($%XInoFWV!~M@RH^7ys=WZ-!7hlmC7fv&q(s|u@_|{6$z_*Gs z`Rd1^o1eF~DhxxxDQJWrDS^1N3r&v2DGj-@Zt0jSoedq_9xGEnzkRijZ??c?%!je{ z2Lp3pSqRw{8NsBsQS3f$;HuSSH-8DPrp8iJRi$G}=<=j{z;Glz!*hn$`S{(l&P!4I zBc}P?K0oA8y{GR3*r)H%IQ`l4o!&z?XLpR9W*Iy)+e93PI8c68@nPkIsCpI{XhzGV zmd+KQp~J7K8NjZPS%MrJZ%f(Il%Vj}x zTrPHAN4VprtGx1Yein*_LOrE5VW-`~gUFj{Wf``9nRqabB2{yq!jL5nurucAaAD^J zp%TL4Jj!q1L#v^uEnzTlKdg;!y=vO4GaXx$S|@+9T(SFsQGH!HwkEA&{Z%?ole3`? 
zu{;k+N}S3+A#zo_v}t{IXprh>bsnZftf(ffc%oH8$sb6<> zlM|yFtEmz372L^uLiifO5j8b((*Qgx<$ZwB<*ZY8N#$-cXhIC-nmNnRbJ6SVq9fVdA;rDN6c!D1NR5wGjiU*cP%zTyE(wULgF4jyyN%-Gfoz#znE zLDtD9)&@>pete4`U=b$2Bs5N1y|KQ~AzDUE) zyJ(&{Z#Y8vjWARMwo%Ib!7Tv4FemppW1sY3F4`@}Xr|3Rg~geJ4cY>YOntfIBNIPu zCZ2FKk)UE3X_rK4opW@NI@Ln9_`J6i;s7%*M%g3Ft6>3~DOtB;ArYQKsa|4JQL?P4 zhjf0Us6lMp8KzGW0&$G2U(Ll^dL722plHABqG03g8TaLq<1hwa$_YDyp`ex7|BV8i z)uI!)bP27+zKN#^tO{3#gPlh49QIrifg@xG2!{BhS)~Mcd{w8DI~C2c@<^$Z@^wYq z^WaY>m@rDbipbuRe2og`Lo0gW+at@yCkydq)dwm>x1gHp>d$6gIIp3`0|CMhPjIf} zN-7eKy3!2A&e96jx9|0Yi*Dr#iOUw|Fd9D<7_Mf%0H)o9-K(J3^R8TpRB94DdD^tZ z6YVWCIJ6*fIlC~vH8+I+YVf?k_vl{1L%?0w3i~_Iv3lDnV{rI|;e=ukQkld2h((m^ zFdSG<8xJl0(pgRCvD3dy z&B#Dsq_qk9^Gh0juadQ#&I`tD?lfBkdxBJ0Dq7mP>#usyLI1v8E|TE$0CL zVJr!_H9b(^V(%2cRa#zrVBvu;yQ{z3%R;ln_B-kvic#B>Uys&ad>4mNjy?6&H6f5+ zv@R|vbIvpVYD{{R%@b9A#n2_igBQUVTFxrJXnR1F25V$ z@BeWK^acr(yy`ud1KoC)w{1BhfGQi&w;F27w;Ye%!1c2~7L=Fq{k;QD=tZUrj9S%w zxtsIQtOZLK-76E1ORpps=D=36MoWQ#r8mppN9#lu@!+v<_kaAfANB6%cIHQi{>V>1 z$N!s9w@NyrNvAr6)Htvq=wRN_5@+jcM2>q}ukX|EV_j$oQPacIlt&LL*sLgLFUCHroP7uB@&ITQ^|_)OaK`G0tSGDfQAJA#0K>BS3$sEwjhInqY%>b zp%F32=^>%&+WF?xeEk7Iz%L&&NzACfNoViZ{S%T`U`nQ;Ut1TdCxv1C#u^Ff?k|)Ti^-8&nd}CPXX44FXb_WS628CA@ z0ZI!yj?sFe$R;ZDsjMxF{2@e);7`aMt<58zF(FRr5JM!Z{^Ink?h&mi5N1kOq52~`0gnc%$J+`9iJvR_M%U@9#NSsWqNRjMkX&zqTJF> zIPo1dzctzVGYc3HLTReIyp^(?RCB&@JCSzE<3g^mq^#_hI?{kCs}2E(DRv!Vr{RxQ zFG*iFKp=x=Da#Uei_pmDjW;fj4mBxHrnBNZ=NvbwU~6lEsF+)q$g4U%Z`zv179XTY zy$@QksXLNJAs=$b6}D{WyP;;=X=ysuT)uG+Y~o*%Hf_C9y$-QrL$jV8<>*i`g`DHw zeku@LjiGu0#6RI4bk5lH&I(BmIWL*e7`HE>>NUl$o3-OQmvRVCH7>g$sxK&M1w0p3 zaEFG}!`;?sk2q0Ld^Ip}t5g!Qj{F9@aJHv;7(W644!4zDO>b*gqr!|9+2_Vwdn&JV zRtO6tt3_U^#6l5}A=FkIB@>jX ze*NVZN=2h^wD4uuz#nU}*HW4x`AM7}rL$^N<}-oTiSJH_SFFJjlPu5Kzxru*WZ!d$ zo8>7wVY?|iM8HI1|FnS+kq{B(fg7jsDtQ4ga=KE^x+vp=fq!F(Xw(?khJWwQ9Z_E& za5ktQ$C40GsXc6$#G3tU&1$cdz$~D2WXTAtjp**}4jxk}UX{9ysUoPSjlKsH)1EO! 
zFuS4b9L_JY;S{y3b1Rvg`Tp*Zk|w7M{X_%3D2=w|bC(MZ=Q|540;8LqGSGX_uPI7e z7K&-(@1+yTQ^a|;NZm40jhJzXt!m~eM~&*^+aH`wzjnE@iZrjhp`l&eDa=K?G>%v- z-PI7zuZGFKPR`ARqiHAoEG70fwzNT5$#}4TrGidwn!Q3von>;OalA!LKtdsZpS)Tz zVafbU_2i}YSfSBdYG=)W3X_eY!x^wkOy&6w0&ow3F{h?^q#MQNmHD+x8)jhaT{lWY*v6B*wR3R3SKPbI z%Askd+ND=={QY!mFhFAy8<=v5*d(l5!4NRt=_6x$3KW`nFPQCHIIbZ|1G;0>BOanD zypVds^Qi|m1qEyoj$PG~3&pLFBD6C@mLmlIGy4ve{C#)=OiKJA8bSwU5x}9nN-oH8Uz{ay_F4=3{tf&CwX1VJNJG z9@bJzjBO*NYa4ElsLt*leqoLt6L)zpfTrAV1vQ()$k8fr9aD!QCO#9k$&QZmOo8`m zK^G=ygGAwv1FhKGt(+6q4N)qDcM&H)$Xjv7jJ)mhF_g-fc!u6gM72N3VqhDi0QR*W`1fZQm7o0_sE5BuEo0;tPNWAeAbgWhof{f6pY zrIzEw9C)nl8;a4ArgoK0J>5A*hiJq5%M4_v36zZrP1M!f$tnu+WAdsE!NU{yuV$_j zq?JBs*FD6K@&gT!HYNdWT`cR;7T=-&iEFxeLxts5TG{Ax@~IqQkB5uQs?>EP72Rgi z5;DMVr1M~J36s6Z7VH2|PY1Vd^I94Ok6RC_)r@@%+*85H@&`!~v_;TJy3v^JZQ{xL z@eftaLRwzmPx2rMgrf3j0spr?lq!5m+wi*+kk5WT6M!efrg?T+e^`ltAopfbHE|?U zGW*_FG#SkiY9TS27&g6d$Y`_$V}yDjDc2~6Y$s)q^*-0&Hfl*J)jnhFaW+1&&iQp)^1v%?e%pUPpBY zoeMhK(~s|Pr}~IxYgguuPstex)uwI~-Ym?|nuNSlbkItTUFWC|_6s}d%J%FYDsO|c zSQ?4lIZTvp8-t89lvpUso>$0eU^|>IaSam0`-qE8avW-d(Tf{@K}=h^+{sm29wm{x z>>nO<)2hQ6V_SvfCO1>xAj5x9Fuyf+Kr!fWJr>mEtio*b5wOG$WP0;^Cu-^f8(#3 zZViZ6WZ8>}BXiuP?2wTVQZZ6HC23Pz<8!A{$;`(J#8TQaqjYjpIngdI!Bx4|%g?1d z@{(AV0&O;6Q=-(pFJQ*eKw2+(CcaKEPD*#QRx;PNn(V-%sMSK~D5a5A!x?%3q^t^j zwXA8pxj$EILkpVMFQPZ8>%&+sM8pz@v=Y9uE#MMoE>3kRLXiUAL!Fo0?ZaM)l+S84 zzJ)0rs+lYAWP?yG%&}5P&9m}xzmMwU*^ic=4TB(FE@x1j882k`Z5Gf|>JjYrf@2`; zWb^F1G3*1T(t>OjVXH-;pu+fi+-Q@Qul&gq15Y1@SYuuC!Xxu(3Bucd@_*mty0}qg z@=bw&t-yT&IMUkM`v!{LUsy1+r^~h??9f_esT5@m z##}@5DP-q+0}&iufUBuU&Fg#>0>4%V=1oXPQWZMp(c%+ua~_A4ON>q+13L+BFz_Lk zL9p*J=6V-1OtYn5km@yN$;NT$8MTtgNJX_A+l6#TY7c_%KMvSnXW7TAqDyPwY*(=5 z^5SE$jHS!G{7|jd-fv9N)XC_VcE_YMltoX|O98Q$&{EABIhW{F4`G3fSbu@8XaY@#= zrT&8J8Abu!uNa*HPrEUpz}E<}y`ikvHrb46Eo(b&k2%?}RzoSMJ}9(!72h^B*%opT#gdY*pINM+8#Jm9?6>RL@eVqH=DMtsb7(3VYNg7GlT2ld`ATK2f z;ZhRRg=nEaC*jroO0~{oT}UnJvLoC{wf62D9JjC>X&Q{ODze`3-c#eiAhMX=KTP+P z*`=v-@;8_#rGIq)D%Bbjxgv*x|HRc>rd-0l)_J);4A{M)_>zh;vU5i%z%=II!a2wQ 
zws0~@QHwKkaMW{L0#VqC8qDnX*w8lLO9t^H<~~)9CwSlX0w!`#>=0M=DM%l?3h@YE zaqk&t8+Dh*Nn9Xv3mvyFlAVRqhyUmWpm+mL8yoKTZe3#%z+QnvAadG?^&~~9yY!YV za{z>4>!KYIZ8?3rXN1(8xgEAMK=2Lj&y{o<`ja(UX_j={ukRo)7Y)=M5Z<#leT?Wu zm=)z?wf$~np{L}G=1XQz5U#9n`t$heN-d@Z84{7yZmRWl1ra-#wRRrN%Qv*W0FKCY z#}9vU!(#Xa?Iw+x)MBt?;N{BB5o9I08&b?Zcik5q)+VwRMVJdTcQ3zR)zS{NI?Z#w z&H~L}Xv%m}E%L#25x4lIc{<;ANt!w7pV9QbN=@Y8j3ls*>jw+};2Xu&*K|-#(P*aL zMP<#5pKC-{(G%?u$1E8{eV3ff>ld&k%MdB&vEdW{!9uG8b_J)y7^f>b8KskGP4mlI zz+-+l5wcUX*dTDPWDon5Gls54O$O^GU;}p#sS_A?REb1uTV67}ZlYjLTsQY3t=)jS zzeC?o@*&8UqRHp9emPwPkuJ@Zb|uaC=p4Ekg|%D&0TOr!UeeS$xZ>$t=p}_O?=FT! zuV9&~*LqqPHH|Pc9DtjN+xBFb1)uF|ee((YAxmNg$k>QhEYf84s3qa{r|MPybJ>ODVQjqODkm-n?78V|1sIQ!^u6f#~ zdE%S^L$4{RgJhn2kIC6=hd_oiKqe3Jsz4Wd7`8a3+|rng4#JMDE9+aXux&few5tv| zJ)y^EQ!QcQJ^ZB%q#F~mYw5mI?#ipBw7UxS#j_R`A)I&g7g_wMTa%Fi%C908+H+8) zriB4z-D*B>+=LAUz6qUS(c=l7VQ2$F`*23$ZTbvChsGq>cfJg5E=1hKJJkq3gp%5P zjBzCP+|>{G#y{o?v0!gP#jepz=(L^lE38${X1j73szZUnY#mUIexq)6s)tVpj6mYL zj;m;E{WWlfSRM!-<<=?$V8=j^1j1ZgH)_Jz@AT8EW$+0i26IKt`lO59tDiQJ_#Aib zgDu>G{4g6L@ABHaNx?FJ8~DgKP!FUQs#&3&v&D!!8&`5eq7iyYsdMx0XJG8Y9pdY!1euC@66@H=R?9UQ;^*;aD z4N#31Z|>DJm>@E(h{AIBh2TVYvXY*>UEM>a$2Du?>f~bq)BJP?Zpd807UyD9BKXB_ z)y;cTsy!juLG}1?wm5Ge5pOF@)S-X)p`^i>5v9setv6XQ#-yIoM2#um_Ic;K!Aegw z*>|5H`l>O`dx2jYVelnfZFAayjJ#04Tq2}a&@owLFnjAaRRe^!#NoFDgf-0r8^H+R z?~^Y?uy+eb}0fwcDAK_rnLPI zxfF+Y$9Zj|MpH1qHajqiA`-uxtxuX~rm2ObCaN8w(7CXL`5-VP(d03(63-!03c+Ml+61{F-Zp(m8ry5UtC zb-}lBrqxoI!TV^04AE<->vp1|W@wFvOZ;o&SjXZ!_Hh!0ppp{JT9qHj0F;T+KRFst2b=@}F`h(Z|5al~uTyYT2vgAXo9xLs@gIkT_+L>9hfbFZ;rY!tfD z#Qrl^u(m+p_BH>HcWDk$D#?*gq6@G7 zsO8IYL)toJ{6hWY^M^hp9I4Up52skAT&ei8DCs96!q+!LJ`}JFU6p4lIi3W#UeIGi zA>$)5KHO$KT91SVh8g{c_-f^r>2_BOji2=&UI3q@Iiik_O{%yQJ475qEC_6e43clVmVKFBo(r#neukeE)i#iQYGF}(woKWKE|!3 zRc=i8x6+=;OUS%o?ci+^T?tx4b-HW06T8RazfM`puc?oG$J2uJR+2mr%j*gLw|QV> z!#YiX(#$5$l-vcuB3=1#<%fyG2OC1n1WxQRWCtLmlD4(NH=bCyu1xG@=dU{osF;Vl4+znP@4_h_m zHBC)6L+**7^Wau*;x9fP8(ZIhhzPQMUihhOHQ5-x`m7M%x_(I3Oz2p6l37I;nE%d( 
z?2u3m>F(B__yee&CCekesNd^&hYuqlw)z9-g$P3R^_oX5Z(wme6X8GV79?@wi zE;j_$v@4OUdN-9ca2TXTKbwuN;(oWl z@J%NBUIRMDh+Dj2fD{RThzEt0XOYq0n+rvYQ>g|@N0Isk_dBxja`lzl=Zbqt(sfZ* zjB&r)1-5|paAY4c5{3rHyG@E*<4=)6znq>T~yFEsU2L3a0F3Xq`nZ=VtE<|C$=<8-X9B1?c;8^keVls@%0?aCa%#paDAbw z;_RiEMU7fitN$u|%1xf)5cx341|d?aF0FNti~Y7mdL5N(Fts2q&fu#ytR@3NIf!Ww zn*M<97bp#7f%C`(g)*;mubPR&Uo!$SRtp>IV3|y=J#q59ona^@RK3sY@}p2{nBraB zHdHWOz{OV+ygdR=ZvqBA96wO0^a+-LDi!i(yx)Yuuyy18;f7Sy0IIj&`UOzSBA~h1 z{yfZ@Wbi=VCRX!@j1@`JwVt`4UQdXy zLC&Dc`c?hGE{m@g+_MEs4E<_C6-C&ECz%%)%DSewP8CIJ-%Ku|fu3I6ib1M^?zh59{!JmnbSNxG zh8B}LFX!sj0`cE%;+eJfb(KMIG_D4fO@d=eOYEB7@m(2;a9__YF#BN^^I zG!57E&tCbYM}c7JnO|)ma@=LA)Ci8=?UHUDeO0TzW_%m9DpbUrHsn>O`86G(MA{b7 zYlC|t8CLrnXVWMu+WWg$gPuM%1p7E!-=(w)eJ?d`Z9)+?Fa&F`I%ct3|1neczDn;A z4=yyotc9)T3xL_Z?$k{sjFx=U=BjfG1V>|ojF#Wdhu>Op#@US6|hdm)Z*948Wt_Pwk6qEFDBd`(% zIaZ9lh%XYxp8sGguo5anAqaNHpbreQxEX$Z7iY&t_#7tf>*}CS047KaPG17K=EUlN zrWJW}lN+nwbgFYFrFCQwaD#)(SlkOyz-1<*t}qvW_5XE1F@7u`Nd+J5aJE+ z3J?tX*MAK7>k9Do1`zz$6=2S!1{3 zLwAav^6RhbP3hAv_yD*jBUZgsvvp${Du2k-%dtXba`z!2c$S7dZVRki78hern{k71 z@^aV`hZ=`%pAT$bE9wg2WYqMxBB%O3bUXRQKQT9>E1S7Cp8kl}%F|hNim!S$*y?PG zagPdh4dpO?R#I;Gz_hx;Z&23gMjU%oUZxXMNyF@ijgQa^0Le4T2qocL=H_vHVhOwt zgLCnhj6Rk_nTzlTel5gkVp{{fLcNo|dpG=)xI?&d^POj4>@*=f7?U#rz!c}>bit@C zYb>IDMLurpN3X+hA--zldGf=C&o=95PXzx5dv6^TSJU+iLLfnc1_|zNK^unzLSw<9 zad&B4L-62q<0QB{jceoXE`i3~Em#794A1j^>zg~X?w|LrHEU+ps_t{D&#BW@b#~R3 z+WS`*61H0*d5Ib1&FEStTHv+Gv3)SZUB1J_jM|L-;2f>+^e2Pm%?>JgSP6~0EaMMd zP^Z#QLyu(p9Hy?+v2U+B5>|Ua+VL?djCXl-y`#Sdw+Cqo_gM6~2DCT+B1OgavkcQw zEI+0>n_eG$@x(4`ywh1LDrI{Qs~B?to!H@xk5F>F^|AmK!a5`P*f77t~N`a!Lrz4D%29Mb#58 zWIm?l#{+-;tAvDxZa{qfXF@uKJTOgT+)v>hF#+NJA7y-4nihQ&!mNf&*gZEHox9a+ zA|EcvmrwXKU1$Gjy9yNUl}r5*PD*memn(I>$7H^81e7UEn3jGn$ScT`xRB)(csnM{ zvS_4=oQFo+qKdTtMgu`XQ}KOG1oxj8ZK!H7Hd^Z@^$E}7U9W2tJ&@PMJl&Kcsea{# zk&|f_rS9A1SY`{rSZ=`pd~UoXA`6Eme_f=XTr3zt!B(@?tSt1#@fc-Fk=6Y7&c!n1 zr2F^FHic@!g^P(NB9N+fUT6+|@;ENu?zoV_^$7Q*SqQ89yibj~Wtbmgl2s$az~blB 
z6N3$l3^}>o@Xra)z*!-K^k1#8$~o{YYsso!tyRfwX^FLb+1KVK#hfKB_(;RO)4v1g zPj^p+GMjr@`ftNLWTB-gv42MY!FP^Ry#}klNDLpf(tnI1Ds4$d;GV@Ri_1IN<|Zam z{+%XQGApaJMStoL9G9VBbRTLtXp_yak-eiV+eXMxQ&BD^k5gIq7g+5In4U-u@)M8*EB zzx?G_a;6wRAfEellu_{@-z#XHtEWYnohbI{an)V40Z^ zjO4(Ikiz_@VJfpGP8AZ}lArh;Zno{1?m5< z`EF4;xC@dO6P#kk`AUgMZ{d-S8131C$PKVo#hVBINMQQ$4NVCfW^m5`+OJ`ck&%YK zNTHb4%L9_pbd1`z1T5;@iQ~fgSmR_io0J@=LRQVk$y0%DYTi?XLJ}jdmuLDmQD3WN7AD&c8Q?_$&WW$XD zX;o&J)HT?poW3naFW>6WS$|*;a^yQ6Hl!z#cl-P&@f6SB3H2{hq-c0r!LJ5qB$sxP zmv-6?=Zys9#j--*S>D+AtW~mZ87nOOsq0eUp=~X0|HKbwfS$t(etq;e-S|Sp6f5K@ zoZp7(&Ny(?&>WXd3lmj|*UUzHlpfcrQaGZu&?%u{Woub1;%^zVuSi^sE)3n&f+^Va zfAdOtoTthLU_V=+sjGrv997+tTkUxpT735W%MEG`mBY(MyHZ_u!W%Zp9|z!ZZLePj zSqgH4*mUvU_pw82`{Re1Q_F3T!5*3_~pKnK=m?H=rbkM8+ z>4J>=b)vQ*>&eNQTD_!$k-GBcJp7FiR&*Ccj3MP zXN@YL+*BPNrwb$^r?RydnyjRN4tL^#X>;-dT7|X*IleLE4U=nS7QZQxVATb|nO+-k zC-IvRcZV|@>meXHs9@gAsztGBK7!!43E*^50wryMbp`Aw3H#SVtTVnHrCYQPD`7B= z1qjSp=r^-1C__$sNYCOVmhjjPl5+7CY-+}kpv=g(+ONqG(Tz_N9R&RG_H(sV;slw2 z+6%Vm_=XApxsSp4Ikx$P-Y;ck$5RtZzO#g?wxrCJXxM~&AlE37&Uf8QL$c`>54seh zcL>0)L}F856HHB(l>zqhmN#hIRnF}TOt(BA=MBqRwLHsCwGjXQ{J$leIo@&on%qPy zP1Ta%Q>?(h|5%YRPW#NEnYb&tb6-2|iU^j+uzX!*Pui&AT!aL+m>AZ@z1T*6tw+K0 zev%3GM4M#yg({zGunD;41qFjEITj6bg7fM5E`Y493F9D4v9cECZdFHbdMPymvqJ9& z$*kuIB6t3X0x06FGdM7|8+*vx*skwnJ3Fr9u6IisSNjxqdo*>Ob(0Hs%fo%m2zCI@ zahaF4lHZFyOnVIUO)2V2Jq$NJGLQXYChOj}7&y4Gb4*cPFwHA*?|X@< zn1RdEe|Egs#L3vWd6L{w@@**9nQvu*aRKjA-@gx4gvrc((L~#&4ab|C@qvq9bsOws z5n_JI%UxVY9VDxFi?)uUD|LH?6aBeTxfXJ|w#M+867OHZBC?^tR7`7{A|W)Gcn4f# zZ0Avxty7w`N*beydP*nXZvd&RbW)yeeRK{RY!X_Nve3kKnrCYQ!^AM~p&hFc&L=CNr{!)$Vm(fR^mb z9!I{7?@GYL*r=Ww(6Hm-%}Q9j4Yk0Kh_3P6N?y;lYd%s(IsASew=LL3R&CHczjhg~ zEhMx(%5e=6NZCklO0!AftPMgtWDa_Gm;OletC*y;<4dRJCH6CMbd=WOb%^>OK`CxS zTt4xROdyIbvcz}QoZt9)Geu3<`04q6@%6y^mDSPInkgBf8GuEFrYqPd|bJ;j9i+h9W`5xLh>!?#QD7rCCf$Tdx zp8*N7GqT`L_hX%b7~F)y#ssu0s#-}m1T^urV8}|^x%Z4C(xv8`fqDvBA)A)`qwJ%H z{6czr^GMc(dGrr2D{qLOB5QTz7nuAH7ZR!EDH|VWLv6|R&}?`!!Ai3O1gG{$UD>FQ zBHLi&Ux7siD|Eh-38v+8gARZq%!<+ 
z9w3JLo3l2)we`}tz)NW1@Z;@-0C2c0cCq!>r7V(ucwf5b|K6>+v)iC^; z!iVS2vM^F2x?MQ<{UmKorROL}EJxv$D%fm_hdb?POP01e2>zul?hPbfsI;+k5jUXT z0oHn_JYDC0f4mF8IJx;R@;MlGLt0d=5355pD}U{n&EQCBNzT~%C%!u6hD}lW*-?q% zIKo8Hq6Ct~=9V>pPd*lY!=i_`Pw}YFhD4mNM*RnVuQ1)G z?VXaXc8s?Rn@0rhB^W}oH^>{stDPmkm?C_2AN2eba{eMcy8uiT>B`8GOnw&O^wa00 z4CdT|LRiYLe`hmHAt5)h8QO8>Z-u33k~oGH5sa(d-j!!<5WosJ1>c`VKkU9X=;Fi^ z^}O%?665&h>6l3H*VXlJ0rh3M-}jP7yS4@P+(Gm0d^cCXrL8xheiZER%G#SbRd!K;2R zH7Z4H5E@q9E)zcl#sfXA&2ix2O}D(}L`Sb?pIg=^e9q##0wUNhDZ-Y2zr%y%VRiuL z+^Y_Z{$U{=AcO9f75YwB7!UeEz0g+Wo73uSI%pF4(MaL1WSK5pN&Wah#9%2Y$6q8> zD%JtAI{>1tTk9@kv15Woh`3=HRI$)Cm>ulZ2kGt0Vd!xQ`|*~JKVtwPi_kEcj{(0Q z_R_rsPPqM?dE9D77O`2}jQrUmDVq_S;7zl{L9KZa3pd5#TvYv?aa!O4@MJG) z=u)vh%jS_?_#z_wFM;bQ;tX$N%pA2QEt$39d(_>3?#JgWApgirT2KK%Ua5F7xr))q zF@x5kjss4DkxWukwMSM)xhRIkqE2JkD`PT{F4I37JZs=$3}wt8>@)BkgTQ;EzN+r( z?GFK07d> zl=DB)G?W_~uOI!p_c9Camjlm|l&s(Qo1*z&W7r3gFde+N>>VbKDuh&1tEL^*hb7KW zg_v;r(c#a)gi^J~?I95)fK?~Lam>~r%A*)fb6r9FZZT=9f$h5s;8WbcEq@|p%}V+A zOqp93(V*xVJ^NMb(wM{PF}bUW^k%0rKB}Ol-CrRA@z5-Dk$uVRe5IL9T#1AuSo|KQ zaGH7BWA1*iPw?`E60YccznJ2o-g=5R29QC}{jM|&QV_p-r^$qn6-{6$ z@S(O##g2e0v+`1${y)+{@DD6TY?9Dt{p!a;W4;ZtsDf9q{Vgv4r@oEQoph^-zFDnt zubB|D*tDJrO!utwGVcg|LE3W7n|yl%90|EpzDR9k5`(-Ua_a)0f3(%#JfSY3==xr) zwKpzbk>8cPQ<|NBp6k(SmN-Pe{4>+}%`@f}2P70UW!$*_qw{Hgty_yN5|s(L4|gq~ST>~QMrqQ# zKo6QA6MLEBVSLoj#IknWOQC_<3w>Hi4;J&tSegw zF_YvnfbHx*6cc*m2`#4itrA}{8tUeQ6X(5*Yah+#j zRD?$n)Ze{s-49MU68W_>SBkAI7GoqEsXT=Wft{pYM&pN3H8$VT(^d$jW?`(IXP_KG zhmsup(h1RK)KF?xXkQqAm`Fd_lF7vWpUH2O?6a^h_x+T#n)wAtLeFkf95gXp+IT?p zNFZYN%BWyS6dx(yrp!+YHC%h}BrIB5ru#K2t;M;%S5cRZ|#;ERAXn4NB{lB3hRZbWAsb=TgIKjpsGSC}!yfo@;qa8ayrd;{T~iM8sNTpz`P) z4da>BWPQ=0R_u2-a9z!d=SpJrk16Q8I|+25foYUml7XjQ<%S1Cy|=%YgPDp~OK zC>uBLVz)ScU<=M$ciu9Wgq%hwd#;zaNKGn=T?*SY^@MzA&|QlDkNq)`|C zi=_Qzs%8WKnw_M-7AQ8G9`hFoq2{5WrvO~$qnrvc)BXMa^rZ+Q-z=cl>B@)j+(*aI z1lr5iktoTUB))3b$)WY^-gc(yz!P#!NnGDI1I!4o8X=SH zquk-VNwZUHIcpbW z)+(8v`H`7btJRhU2H(OLjWi{8#3Tq6owf$j9$|*PDfuxa2LDx!IhcNq9b4}A*GpxI 
zb3dC)pm3RVi_ExS(P%}qqwF4Mqgd6~M*>Yp@kgBhYFf`}D7G!20>$TDf)gXTWgMfc`p?5-lw zf_bF_`*2A?ig{gUXs)*Z2(1m=nqal2HmCP`%5$e?mp+#f?|Vb4A~ugS^s&u7RY)G# zl-Mq#gU;|WapD{~p$s`&ub<;hz`BdkWiul2-yd_4Q1k%kO8B;#Y47XJyTwMMZ%gJ@ z=%f5{r*A+M{zpB7+*`Cp(&Lwu!=d9IZeK>|N}Tfte3`B{i*+1OTK_W_J|l=3G z6Ao%4eRXhgoHT`1n9v;B8{YV52W&noOV0vhXX2@Zq@%QjQx^Umuv=n)!J#fL0`){{ z#*5Ab)Qzt-@26KZ18^7p$F>bGXiB$j4)C@jn6COHx3QiWwlV4#Bet89fFV;5CcwKv!0I}D5oN~`hHSff?XrJ3tPI?Qj9(b zh$q?L)?~?sf_-c+w_8Cd#nKE0`v74d1k%0qE_J5k$RLKya=<=pvbz70F z0KwN9oW8-xm?SY?@}v`=Tf6dtc{u+w69TL5=*s7 zWf1COUa_f8*R#|TF0*Yui;4@YM-6>Ujrr12>Go!M#Q4L0<)jDx|4KIwIF8ckyB=eZZwpJ7n=GFC>fG`zE!QSuK#tUPeHz=$g%NlO- zF0~ie$YxMz!_lS*u0^gGN@PF0NnOiT1+*1y3odBRKx(oY}j>U<~*)=E;fjcI5q)s`Z{`%{npXM>!>COJspZ|2u4neSIVvykL#QKcw zrf#LUz!zPRhT^?;rJR$G3Z9vV2<=in7HPdH?wijR^>{974*3p_z~#A~X!K>XM4FS2 zFKCSn{L3Fyxi?NDY@%{yzJhn!zJWDtMOCX8-j--5oR%Qil9}vj^ENhv9RmaNmi{5L zQWkwVi;DSZ0kd(PIuOVI*H7|u!K87W&x^GR&mgDBD9EU<&|bcL4%vM9j9>a3wTX)V zhJcob_a!0S2eo*5K2w*Vgj_r+b(3xy1~bRr4+xKbpI__xu<7 z=_|<>{>v_xm7Z76smR%ar8U|M6a3X}vKTr>-0#+u`TwW?QPCodAe~(i3Si6=p$9qv=E7Y6pV4=bGC2T@E6`e_(x#4WFo< z(cZ3QDsY>_WpK%m!70m=xQaxLn6TL?08_-RxK*+Si`b9$EzqzW@WZYd@yoO3x>%6g z;aWe^xD?yh|D;mTsWP%v&Jh-W=4r*=(2KIe%l?thX3aNTn|6SlWV<`keQ$|q)@vr-G&B0#1F3Gie=#i3-DQM;8>!ZfkuJQ1QF&K(n6irn2 z@(Zvc_dT{3t-(21{j9*Uh>HWhPRnULvLbNg%x%#XrSM70{C!?7%z0AJ*p@C`Y4~g! 
zy)nNoIR$u6^C?zI2(4Z}hI$BD3crHSJrX7uxxIZ87qi9~aISu{czTwXW!U(zxar|Y zxqn@{?QM!bY(Kv($E=HLpN*f9IX^vGGe5V_=jLWj-jR%|SoGqZ$iULX`_&kHL%N#6 zHrJIyExeV}I>h87{ko#(Dizt4b)7AsHP%|$1u8JTC$Q9>W(%5d^&m*gOz4&A+pa%l zwKS$=Uwyy~AvK3icU=`VKTdFzRc3W!Y#{wH8fjVXrie2b2-=F;5#-vCu0nz5C6J3} zxC|T?45xslNjakqAfBZ@{M`F=2DTy-dqf;RGluDjoko~frB@&KSt~URidt0mLe6r} za*&3_dm2VQN=)3FqhQqEIrD3Up`S@Q>0|-rhI_tl*&_KBsJkW(o~U{g7~|Fn&#by13zF zZu}n&C=P}o`WT^=|$mJ=oW=NL)tEGXGm(+|ixcE3!(Kb+XBi z&?Q)s{+WP06kU561v&A?3oePuNvVh^4^#`&rOi)|?(ju{I9dt$Q=zo6NmR@yDtm-} z>m~+v0hm8TZHzHr2n>iG%q70@2>Hh`wQQd~FgzL0`9+>lJ9OM9{ti(4pr*)kMo8=sk~!iV>R>og`3Hyafj*pl zN#HO(F1t@?E_?Jow)z9@lg7PY8uV5yFS=!v?4N=PVoJcsCD1B7Iqr{`9n<;dZ;FQ! z-!hr)P6p6yD!I3$C9HFuS@!|FI$_|6ai^6Ziu@fQcfNVce1$1-G&d;aoyOMII{?Mm zp*AhmtVT1&eOJT4oFLxYH^<{OkpB1=$-+_aL}$kr+Ya>di_M6*0h`ya#9R44oh1(h zD-uh7H_Shu@)9h%EiYlYh8#HPgfkVnY7=sFkqAK_UNi7ljbrrx3U(jQ9Gw)fxXhslvZT4kRC#QVQTD{tX4E`*s;|fr zM(w*bvMre;TTbC9P{h_qepkCwH8{J-VVvn56g@sG!`blfz4g?u`=x>jeb3Ju#cP(xC*Fh}L~_T{xh75(24-K@)o-k+ zlBF$eY-i~+vWTwLtfOTE{Xr@Vaw3R3vC%W~vF#ZacX0u^IFvX4SIzzWEJx$ct`^y@ z*qu{(WAjlYSLk#paME8eC>GOP7=odsc7kUcz?M;9?NE^#-ys@mh=C_C9BteAL^3ou zP+=^^&fBQKVsKs=oOxHEm-qcI5|&@pA;=KWWxFUg6Cf6FYBygT_GIhW6*r0M0~I&m zYxUE+cH@?Pno0pUVX+LCoSs-_iH0QsUk;!<``$U1_tpAB+G|Pq0Q^H})Ek0KM?c=XiXJgVe6~n06TC4#`cj??4q|sG=eN^<5(M3A zCW;DKHb-%;VQ2i1r}3>?@v5`*qnVF!UOg{ig6t^jr?X}p_wqWL_}y6gT3EfNTyYtu z_{HqA0u-P3@L_oS?ZcUc40PNTi1Sk!o8%dxGu+S|J7h~N;HMvz)5-V_({31QsQcx5 zE5w}wrzXHO^Y-4G+H|ssXx4U?c#B<*@WzuTbY|U4{=71(;ow0lG1oHEv)BT&X^X?Y z*z{n*I*L4@2K@&J@A5H#HjN11?+yCd>w4gO3=*P7;xWddfffNSF&-!phqL~P=i-m$ z$u4irsD-pVGxXEjZ%-8(r?BKLHX zv=`EV#wisVdVFk+Qrr$s<)a^{+B@0z69>n%24zpK8XO||Mg%RsIJ2$8bZ;U}R3m!K za)NqQ&r1L$9Ww}#Gnlr zu=zC3i~3EPRt)IUQydR_5vIh$CIRqYcY0DX;cW?0{%F}s^H6HSH)Nub9Mdu*L0Hc4 z<1Ky_(wGh=cfmJSjBTHS>%+kReh)Ts2C zajN|MQ5KN$|JtiXufp&2Ov2=sdjvRv!fN?0{RSpavqb9dF&SR!$3P`%)j6K{?b{kH zX1U=(uRB^zV)HJ{rHEzQUZCK@s5#S*3tM5BtNuuo#1-v};Jk0g zOhShSk1-=LBW-;+)N9Ox_tVUQIkG5f%YzU{myY72M_P)Xz3tnq#iIlHV=9NjqGD@D 
zrt`Za6x>r@WJ|;3`A@_o{CPSSF-_R^F>}tt6e&li#ri-mvV>9leC5iujEf?k4-7dj zEMFHQwtc8C%66tBq-o<^ltlZHIl!d!LZ-2gA7V1{Qo{}&8oV9@nSQgAcTii+$}jDc zl^Ne{O63jOiVV+%hd5H$3l`h*HGAg;z&mp!h&W>DCN{fgBsXI3HnsIdBf*Nv=q{y~ z>zmpt;>X|uh^Jc#V}uaQi$Hu~MqEw)sZ*~-D}ojj%el5?+3eF{JZIhpAB#-$Ff1|U0R{p`C5@sroo=#be$*Zj;R)g>W2J7^)4UJLi)~v4^ zzO%O-)%xt@|F7S@EU8d96iJ-cl7lKM14lC6yBU}t0q_F-nL3B-XE{)d6nZKkR- z^taQpY_e~_f}UYs$rqI=-W=6oOF9J=%g~x;iVK)q-z_I{XSvA=0duk(hF;u6lUpH)W5S2Sjt zG58enRuBAfBrT=M`0V5KvVwC%;>u6PXn-bcPO8EzyOO;wer5F8iQJ^zo3_4h64kZ7 zfAWpsS;;rEin9%SC%AaBcS;EF$Vuus`OyMl#;^yH$ezZUZ=I^H7>s_~meoA-iD*W> z@=%>?_@WY$I$>!+Q?q6FHYiGT#WQLS;d|kq96%;j!$xxsx((Dy^Q@L`h*BLL2%E8)2X0B}V2d6XFQ6@rSg00*BpRkJ*Wu~)*d=w= zDx1TwjDz1k-O^&4%bTsCz}hjHdWZG|U;4ViV{LI-QD9?c;~RVOE7hX0p=eqW*xt1DjNMEx&*4VAWJz)SP&M`>qX>buovL%CV2^#(hV z4Yk=ghf$`N!w+XCu;nvN$|9>jZ=sDzL~V;Ttx~@vBo6Co%rqj|n=iLZYp~w3osuD> zlm5m7wTpA0waEynr8z`f>L}ofA4x#Mau5}5)_4o$Tb#-#kMm{Ic~53RlN~C9f%4IZ zo(fS1VSK}H=V3y*B!M_O#S#Slo}+Iz2$h(`40fN!>2-GjHp@^xwAYsswYOLJeqd){ z1J(*z`x%WF3K*8NpKT^)&fEJGiNoM!CEbG-CRSg0^_N!%Ds)kgl!L!;+wB(0RleDN zC0AfHa7H1d88iLg(g%Ki5$6pUePOGPRDW;LkP>E&# zEG_aOLPCf+*%zdKS+y)w5Dw)j zoatNYvw7WW+1i>a)jP6*cKQ|j?1TR#yRCU$Pq%F~HaB?7Q`rCWQ!B6eQ`+z|#y!~W z5!>AMFH+-w*SWxQBj8jjCXbm1yT9j*5UaY)wAtRkDruNtfIP@@z$U`XNA65!oJ6Lr zNUg0XB%5uT15DummV{r2bw(%~bB>dleNdE7u>rC@$1A|ar>{dhraRDR5+X@<CttYT`5V_UD<8Mmj=tunmJ!CEw8s1%j8B9D~By4fWc>vg3R#(+!jiKda25Rpp} zZM0h?h6fV0zt?Op%PbuQe#T?EkcR%b5D~?gI7KR^+vaTncW#2VkQU+82vWTFp~dj;nsX&-uaFDy^Q?^A`E{`>Ap-Wfyn3)vQh6TXTVvT8>cR`hc}c zXj1|>uPyHbM0~mJ=-@lk$M~er1kJtzWbpZ>1YvWj=dDT5{4vf7Y4}U|^%8A-<+XV> zwbZr;;s>GkJ`I!wgBIz(aND1fr~e{7N5JouvwT*bF$}kb?Kj1t#GF41$7i(jGa#6S za;hi}?S^dclJ@EJ%*yiN`>PKCQeC%|p76g&dGCH=25(1|dxl5d#j+g=qJ0^khb{lY zwaNZQ=k|~C$e`>A_jRb=iS3VC@(dgVO9Ll|6`Dk9?Y2u*meCo?y z$d%U+wDZ=CNIQlQ;=cbaRORymppi9KoN z7$j@^;jF~bS~<39xs_u4)zt9n()(sLL#~>h^4iuwrqd%FFU&*zo`q;pWBw0Sc<_?# zW|Q;s@

SPv|`35-K>Qc98+4&+CWu%8iX`WT6QEXTa`5{di!DaL+|az|+ECB$~=# z<#N>f`3BNN&}r`KNo9O8c7bCP>;-v0S4n=C$@$%!l2iVhkCa~(x&;Doe9Loa0gYFY z^u4KxY6DYeRD?#aZLEB_3S%`7s}xFCT90hWh?)@Hgi$k6mQk-9X=1^~@Lt;@qgdW@ zsi6D-8&tnGgu?T8(EAU+ zoQo4}QxelvQK>`a#_ppl6XS&ZlP*yfzYtR$L3w>KGU?YrH8K?^NjuGh1ZhhjBOlwnqw=u|NZG5ZM8 zfRab_e-Jew;2_0sjBobVRBD_t^Ni<5g3E9BBwMD}!m1Q<)Uqk(T_k2_R$l3n%dO#( z>28AGRH4Mo^b#)02pi7o%zzI)3HIO(8{X!)V9UcpJ8(yp!NB)%}xQaJjc0x&7gRN znmha`J_9+6xVyB*(dTGYl4$3X^YKrkf-t}QFc}m5K~&Az$WeL0iUpKccOi!MPKWge zyCk!lP?9{AfSoHT$Wn9g8Zy&ZeZl2mwdS-u0}qD+Ws&uX$%TLus%tmbD(QBze)Zz^ zBa4B@vNEjv!#8~s!EmhkF1#zHdp_X@C>RRDb9ma|`VyJZp z3d{dv9ynafu3QF5+YHPF)jWP_$ zToS{@Ei_c5n3AiOpb}c=qGQJN_Iek7OX$IfJ4 z)_%*T{fW$@%Kzy;npc{{+jFPYT*|rwE^h5zdCH}TbWzhih`(Z=-^T-_@+)@I-6)Q> zcJ3FSm?2LU>B$>?oxoGDqjg;{NEk2XodW7ob<3Vfd1;fu?`z5(Ae(<_1-r$?Mkqfp zCJ?WdckPFM{JdLHLyGD+-Eud8HpATbF1iNlR_JJmRUc)u{KEOC~hEeB+T zm}grI^H+lj*qUidiR=m8IF2zhFMH@dW%uxaUThs8hHdzHPe$zxo+<0`#+P5Ep6N+6 z;s;uNzQ9bP>=z6Bl2r3pi>{cA%`)xOde-1)$fsR7qF27^gP-dhF8kf*|4bRC7dJ!l zpq#1d@J`|Yh1wL-hUy@C@9Q|#l74sGf`6<`T-!_6sZYtXCLNzgLrA($v5Nu<70g=0 z*a49VLi7#2SXJu|{zY&)(6@IERIH|$ZiRISv~WMY@gLZu(O^{JtMSliro#@4T4+GeedhAyOMbF-YtMIh==9HrHH28yWL? zaDJ~Qg;qZUg`(Z7N4B%I%@`Mh{yGG5CK^rbA&7X`Wr4_vcuzMNuMEw3;yz187!()h zFECR(=vD<=&e59c3L81Q*OsvpiP5)AvYm)qeYhh_TN5o|veoef!%*o_E-5fATEKwB z+$fEh4XVFLLH))`Toc?HGWp|F(*)#U+N*|mMi-yJg>fUtuR^=YtC7mlGbaEVy@2Gk zpo#6%Qcjw-V~vKMVK_i7hMKIS$*Qkbo>XfPk1wq;XopU)1~4O1RSvfJ<6B1lu{FVA zC9)vvC3_BXP_g*UAs5}@>-Mr*CCZNR;JYIs(#p8B#h)ZvWZ)jGwO1#3BiZIcpwm!|a zVD8(&j1AIHoZ-svX|KJlFluc2Y7+38DD2Lv{)iGz>3`qxacw0Ur1o$Z!zIKfSWlwq zX%m$giL!y2q{;6m@uZ2HN@b3qd8oKB!ir_t$Af+ljsQ;%wYo324Y@eCzS8S(H1l9t z*RA+AT~tCNvSO$C_22WWRmrZ;5$*j1Qn^D&>1rcYipI*%9fmAuHU&&JOp+!C&(Y>1}| zCu{S%n;-Itz6r*HciakTs>uM7A{&a-loNMV+2n(;(lt*Y!MBRg~Kv za;Wz=9aE=xlJm%eNpXn zsKhN@s}a10n2RQNoIg$!x++=fnxz?u>)Ibl*;0)5mCJ|=+q|q=jXLsH`s|sm(mb2JcT7$YGWGIU8uhD?>7h? 
z9?%agFa10YmqxKc@KFdqQLc@6-$rsJLR>OR@BD&EYN}o~J-o6L_KZMWEuz(TJnI?k zHZ}Ee8+M|l`ELd#B>or_MPrz&lWI#-O;3g@foWfEnSHIot$m%RZOzA9a=sdSQ=nu| zl@C$rQf+>kJ9vx)lihSur{u(EQZk{Is+bO*>PIp};q&WjS%VkXpORnpeFH5V^U$JJ zd=OgAq6YVkLhz7`C1zuX!$S2>+!~H$m9vDqDocrt_T&lMLY&c>QJ%MwO!6+0Cmfk^ zTKK|tnAIm&aae*gWE@ytLz$Zbfbt$p9$j^!b%c#j(&SzG4quZMz9lP&4#Xr zL>=g^NE#r9)aq~3zrD&Bo=~xu5Ws!DX?=%iiq(l}ObDz)u@-kGF>>jJ5CP{Akmi418#*%bTO>p)rN-B2wR z7sbxPG^2asWw}$aC~)-5Jj=CyQnyT>_4ft_<3bduP<=w8&%hIw6{O6LK3xVcodG;PYq?u(?PER%$z6MqFJ+Q) zPqB#&qi03feAQM9OOBk|=S7)ZR=UeEK@<6xMJb}G`N=Jr&t@eEeR`@#(KXnb{VcaW zOSYRsfJcZqvXE~@k;lmJ8R;fLsXkqvm$Jdh;c^@ef)J!2RmSF5GZ-fX_u~(}O4t0^ znD^Rp;*WDtnrLc*)n2?om?YWqX~FU(!tT^(rginx1f*1F$Q2htY@Q-IEKs|!%yBfG zxpZ059Ul=JXZ>weiQkKlVSJpf1H5)- zPlM$UYwTZj@!Gt~7C|%vIo03%o<5 zd>SEmUX+6%KiVBEuY-4+q)sE0$F`x=0+z3h51U&dM*NFASa$?zy62AfCGjIb)X!JY zXJ3P6DC0+&*}xE#Bu#PZrkjYW`srTQ@-VxJt*u|Z3yLqb!a>|F+dXhYN9wzBpA_y< zsxN-+*PJ3x(}MuNvnDj zt3-w7)bFs6_&Npb=POYgXOFJO;O@42L**^tef^^40XTvar_De68#ZPX!Y0j7P~Xa6 zgJ>2i!M_m6IlpGW+ps5&cR@ZbU+-IPTZ?I+*LZnCPgfanj3*;Pm%2%#Sn7Xywyr8F z@8d?HCI{bls3SITo_Oi*sxMZp;!ydzbhf{)IVweQG`ic>CGU(B!{gRTwBIN$!7gQ$ zR+j`@xjSfXZuOlD>U1K$XCiy`1eCV*YSWN75CHywdwRO>VN8>9Hp5zpb;#Hu5Oas0 zy--P)4U@O!w@X{SQA`%b-n^)cu8DP`z~{qYNR(q%+g7;utjXV(f9MtX?D^wobVL?^ zOdaw6B;CZ^ODHH zV|DFg(1Nu4V=)%Dv*1>7UHw~*pCeV3CTLh^D}J5duyH5$LV=TSn(c$Bo#%kBPVPX6 ztu>)5n#BtHoZ7p;NLMP(rlI0AOD8VL)cvswm8q6Z%xon;Sod4~3>yYD<=wd;3IN~B zHY{%q(lHwayI7MD#owB{^rDs)W01=gR{B{CrgczXRS_ptxcu!@)EF!w>aFN;9%#KV z|6moUG%*HmHR=W#k~4%UF2=*hhhoz^ozGXL6n%Y{r5NR+)`|q|gisx+v^ZgHO)n0~ zrRu*=vrdRMYd%t9)!i(Hm;ndImw=a0`cQWZ-iG0{TLEFIW+`Pc!Rh8!zM-w%jcJV6 z8Rq_%+Revri5Cu_Z(fd7Rajs)nlEsIEg(A{%_?$fLJ!CJ2&$TLN5XC%w3Vg7nLHVv znKh$?C5KTI$cnd1`KHb6DGYs`l_bt?_M#LnUf6QXou3kCJ2h6Gfr~rF6#CKlW3XuO zDSq4w;7f359fm7UrIKPSmU*Zm1@QxAqrmOe1r-rpLs7~1U{SxqzeweT5B8ScQK4EI z!GX@*u!~J%aeNj>E>e-S|l6|He69L+j2BAP*x z?Ktk#X13QdaQ~XAR^+V%HftXCWQR;&YMhs7(N44N8>H1$^?G^jp-4Z#xTP6RH_1}| z59;1Js*Ub#7eV?j|MxIc|_!=<<4e@?x8ok2)W%Jq+E7L6f$^q@nBs4|m)~q>4xXGfUL`n!@5O(!oqX?e 
z1*bO7`MzpFBWm1p=w4T>WtChxGh}Od#kO$RvjI|cu8+g+c#;u+wJ-WLIm9PeoJ7pX z_VZq2Lekng%Xh;xnHcg712`gY-Xg}?NJoZg+;J!|b6JzauTZ-*MaH|{4b&z^wEy5|U# zJMF2|k$m;7lET9e>=i|r9JK8Qtn5Pj^=@bqY)~@Sy;M7pIUu`N&vtpI>+(^LPZP}| z@E}$8HAa-a$X3#?uEpuqvCxc9a}wu0a31Ey}Yw^2Frp@Uq=>;<5}cl zxNInwX;x(xMA2-ep>Ntkl+5Te84yTU{ro*DxhWl5N)&`?9`u^S1SX^XO@rNxmEo(_n&hCr6rN!=Q5s}()EFhYumUY(RuMIY~hJmSS4gB^9)gM*D8A`F!D zK(=t_yf0tHsmH)@YnWNQ7Iv!^4Di+0j!c>um_@hk=;#3%wZ2{|eD!3xJgt&y$~cCV zs?-PC6!EAbD-GWdXs1Bx3+qQJS$207Xa@1lve_;9hqeJ&>7q{rb4lE~pj!v}ON+9Y z%AQr6Rq1bIZplg%vsxaHU%5`Rczz-u?JfB1>|@o%Khn%66v;eS+;eh zzh(lngyOznCX#ayo=|E=xwdPz{togFgkI1G++%@M6PFP82McA#zlepGSYGd)r@RWJ zdRe!VkRGh)Vm~&HNBtW5BJFnf@e-iWtoRlKP?{5-FViBS+4JD%%@qTsAe-CclXR{J z-id*o9$qvA*tQl6%2)fD9rdS6 z>RE+Gi0eU;(R^Lw9^$u%;2I@tHg)3ib!w>oOn|;#z)iX5et$_jZPbeXJjMIupzkr= z-I6~oelIUPy7&4xD>rSTLVhiOQEQpWYF0@KP4o&a2sBibQ;&`-Rc0i?>rrKDLL%JX zHSlxbcKuVvcC~4QLQ%tcc>GkF>=ribmM3Icq`Uvw)u#a8SlX@qMj{ogePYWNK=AFR z`Wysm=@1IvSOCelo3s_tb&FO-v#6S%8x4i?b$f%BKa$l8$_dJF?0HOniKLQ*b*m`T zCWU0S_~K)Q`C=S924z-4PvU3%=wG3Y;~?)EdX*WEGn)oT_sQ()`6EX5SEZ}4^`Z}% zH$tTeio|1gg6rHpQTj(OAdI8E3QFDu&a7Lz28*#A%%6s?Ac+~DPM&8vw?G@U18o3N z=LKX{XPgP5aU7&>YvJQ(pdTJpK7$eOLs--KgEMtKiAE|xe&Wf|a@GB)BF-ESJ##w= z*4mBWpU*5S&cU&TAKrMs0XC-QTQyUWDqE}zol+c2I8PG^QV1}h+Kl&@O~w&vObN?JNTqklT4!D_q2%+qdN^uo zQe%~925h`CMy()+b7!0Sq~EzHGZ_4oUpzh#yJ^yF?Pj}lHqu@{Eb);WQWE$s7N9@7 zq5~$76&oj81r0=QJ$CvpZ^06P@$18E<+Xk)UlR-7JoYy*gNhwjTPIw#vxKh22jBn& zfFfRO#R(#TPaj zjMMwRjRH(ls}U8^;tT2A*BBgk&mnyE7M?5>%5@ZlAV@#yC4Q~$J`qKZInl&@7c*#e z*^sr^29iMa+$|DxCN!Cw)KE?I6s@_~PgmpL2X^kqXD!%{_9l|0kHj05e#R)s)lvzL z+r2JNcJe9D*T2Eu&%@;Sld}GdLBc$;A6FS~`~x%_h47^}Ns^pI+(M1Op-$;=vFex3 zKr0c*c0Eiye_UWe^}TjSJ1$q#M|iz5NUfzkl?@oODG%W4pY59YPgcXhxMODh04sh< zGYNfE*%S6UOFCu=8I_t;ysq9i61-TJ;kdY470t@LvAf{If`JsiTNR~9HIjFcCH2g* ztV?~4z3hvnW2&}-th}KRSMKl>m<)!EnELq~FPA$n?$&|ik%dbW7!}Y$$&&)|)mjQw zK44SCR?j~*!pd-(=!T-jz;C^5#ix40yVGem&v^T28$C}KosakE zEk+kM2dcAYtrF3X!4DtUmP{sJxpQ`l4M3^9sKjr~2-|Ny-o9TnW*+SM&BN~2ChLpS 
zfU@Iq@*cI334atz%Lbt0IaV6aPg%!CMr`LcmO659Jt{@p*-<3=*_IKMl(LQH=Xmw# zqGOi&Hdv4+3rLfMPjr}?R4C`5iFH&NW6Ii^;0ks)C%i#z2l+cwGJ+M^yO3mmi`O37 z11}6VPtuh0Ti^KO2wK)u>2AdMDJ+p5Ts0;Y+IK(#eWM)@=#7`VE3?$;ZMeqdo~J^g zX`&csEKO0*UEd-NPW-N^R2v%nJ}Fm`y}c47>a|779Ktqb+l?CSops}9@Z@Fm-ybTY zQ_?l%^o((_LL5_2fyci54_nPB@nrtlG#Xzg>=Yp9TmD?Qs+yVi{iI$7aJ~x* zRgnj$p|9;I6K|D^eQQbo^#sEj6=49Fpc^8Odx$n>86T}Om)_-hN2Y5T#hIvDxii2~7kzVH zXkl=<2I%(&jobP$d70Yo0MDxuGMhhnH`yO2@1yQta_Vy27@}XB?`)!Vc5Kjo#T(db zGIVbU${G^FJ$`kHhJe`Vxo^-8Rd;t~?6P_uEzaR#7Vn_czvx}z#OSSK(Cz);(^!Dp z%Qhr#oOp)aKbzB7_zUFY!e@aQXt`1^;NnkwIk0a=^8*h0S!-jmmHfnXt(gt0?E2_P z3XzAlZj;7Q)rF)o2o-o<*I`z59u|-hNT0JvI7ZN`zB*r+41c8fa^ILP29|L(S>Lqj zwB){Pj8CvAk1%vZ6+x0WlUgw|#q20zH4$Pv-M;v6(LE-uIaX7Xj zU>L+%(o!89Y6G?fD z-PTy8U58x~%Pq{PDD(}6!5XSAV#;(=JH^ir?};4f!f{Tflg8epWl56pn+FfBn3p_qI5m9$6E=IO*}bSTcr z(Y4znKI&5@&pz(#@?@8UEr+kM!$0g#&PsUZNzF&4@IKRxs|f}RhGPtM*${VYdTJTd zp4FfQ=(`EdRUgFxkNQg;{=s-kG)H+b9VfS({gU*OvZ~=2^G$V_$(prF24D1!z}-u7oS46w^`Il;RSg z-`)8=0@=dZ_TTux;(`gr6XWgO@F=;UDpF;P(rssIgzzIQp-4SHMZoD>`I7hMH&VLX z*qHfKd*my;!evHqj=lN)j-qE{#fsuXR>8SYNWs3CZ@_Oh%o?}5X|c2v^tOThz^@1U zGNpk;>#w@RWg^1{%5C}iO3nu+h>)J#1SJffb=&EEa)v@1ltAr^DLPW(=6n3=5M?4H zHifgkXbHs-#1kUA1i6pQ-xQ3}^fShE?H>6P9V9ClVYy;cie(BHl)MFSB+Kck)`?Ao zWPC~67vmMn8JnzcXr6oMf(sx@od!?}4RR#CLtG=oiR+RpdpT}dpYZ9Dso_FzqK%=6 zUf6SvojDL5<%#(4O9zYe+xl*QBLp)0DQ&vR(Geu?85R>zg(~{19#-ehq{N3*w0j&NU+FFsg{WCqkidW4+QrXu%3c% z_H*0&^O@l!`2^Nup_MPTfK)Y=dWM$OYd7>d}LK)NsYzI+Vc-0h^EL;k&O(Rc8;_ie0&J=GIA+CNVzE z6Abmot~+y&tHI}L*WO!LDi1ErT_6#ME3CAM7iai+b5U(Zmc-AjcHY%d3 z_y5ga-ku;f?2FHqiLAw*?B1H@sGrBd*PbLkNQB+@)dbVUNS?u|%a&P$UL5ppLOo}b z=mP>N(Vx23&rP>39dJ6&B=}evqM4@xt*W2dY1TY;!+hb_1MhFd-k0A+bYjA z$P&3{o&SMp?$-jNOJPRhdbH$8b;Ctf#4lyZ1A_3Y2_p7kZ)ZPi@*)w2X~g~E(4mI! 
zSub;&8r=(a_H*w|*3`=nPz_`=ErZA510Di^vyz_ISdEjjVH$1ksS@D7oKRKsPIUVh zn)E{!KCelGrvN~0?}mG?j$w*wK9vXIH{LV_Yf_9C4qmrz)Ke!N;pAHx8~te|9&6W> zY_}Bztzydh*5iH+KmH=9eQ>U2-<-5+-2!Hn+3IQvHCRyT&(|zWsP_)@IjY6IHMm~> za6C%oW*SYkReLfiR6mOi4t@u?bJrlU^0YRc_PBIol%JN!-T6qhyy)s2%djq8_<7SB zr#`@a)<+L(JN{@{?JU_urSM|kfRVJSQh#eV?}W@Rse|b^*Fskq)Co{|zD=E!WO*|} z1);Xb+&A!Q)08+|^^M!b%eLSz2v~s=s5()*uK3lyWu~kb+3VJSIHDNzC^>5DSkg!T ziUkt%_ayJ${EOh=mAq!qmlaw61aiXFa=eul}|CRf*x&WK-S8FAXpZ zwlnoJj2&pqEP4fWIMr?=Nn~BA_5)vygIvEanV7@cDVIpsMxlP#tTSc}+QPjavp$Xs zob`qi*M0S~g*oD_?>?UxJn)6RktZsG`*-<&5q_{2e~0NGb#^XCj*C=uLip|{xlBz} zP;D=vZ(vOpYJMHA0eS88*)3Z;P7gMq@-6%{QRDR8-a|)}hEHGV$frq$;%e%tkt>o*phx|xp?Es6R~F` z=(*Nqx>&gY7Mo!$U8^wj$^Y}(3QdI)FMN!Lb1ft4Gy^J1W+CMwcGqqHJ3v2_lodXZT zlRvl^l;1U-1U{Q?|3x5|3nWVwW=ro1Su)uUq_O!%k=an6)|>WG$R#gx=0{eBwF1oR z1^&6j*QV%my4X`889ypE&)9E8QV#o$;>jpWT;;txKa;;NQa@=slIW*CHExHx8hV5% z((fz3HArc_S=(%7_&nEl&+)^1VsyRKt&Pi?H1X`eGC0mfhPi(c2tny4dw!t52>6ub z6Z_K4-Fdc@#LBM;<1goMtz@aS&wm#Iwfj4Jcof^$9F6YNd)^Crx^REW)|Ru!pg+$X z3wYXV*eQCF4HS!3Y7f*dGE;|#ke?f?Y85~v4)DLCd`$$!u~k)N4?zGs79J`b61_^D z?&v7=Rb=A5diBv$fW>&Xz0bzE=-hGC)a*FjfwAQi7S?x%$_95Xo6a*2wn%atxx4`P z%L7)CEMlvX<#1cDD} zWo7uGTgB~XA?M2P@n0Cn&uiKS>#sgG!>QS@JA>z>8j}LfIpH9Q-kzOTHU>!HhHYc8 z*b6V~Sb!kAxhK9|!!iLhum;nDQD{!7NJ(f!P@Pz&jAiy$q za~!)%?}AJDc~j%G4}v;fJ4}(NNRYdfgayz{?jXW$-H>u8QdM{MC8o9-XZf?yw~W#~ zi1bZ#rKLAP+($y-i?8f)18v^PB*-Cg?$A4oHxZ-1J7SxaqQN%+Ccl)rW7iRUtjgKf z*J0RdTu7!QOJBI&@`ZY;Jzr?-urRt#DHkt&uh>D550TjI(g4An$KNLO#E^=ZW0zQ~ zJ|0SV7pe4pc^nkv*+^OzXe>#bTA&}BUbY*BJuz}!8D8#g_pqWeyG*NNFO8^wacckD z{Im<=)5^Ocb)=U>H-}E?_sMhChpODK`Q6BlL^6X_D_IBj%T!MhJFu{#&o&a+4W@(V zV+=d+Il-FlSoCV~egFfCNsRZI3;yrJrXrLpoPlffcIrD<$S0~^RnWQ%#D^7yVJN1@ z1#fT`&=kie@rvR}*XTZUlcO|v)GP=zwi}_DNn3>OnzJ>I-QZj3w%Pt)a-rKy(kJ z{3t-T@gQ@IUG9ttkMVFQzb8V?6qB~29@}FR+54=NoN}x)eJL`l;*fX9lqJiMFS4-w zf|l_tuNgu>ny0>cbpAwnQ~ZeUOk?RbfV?VRy^i*0v%ODD@ok8Jj;S5M+e(V_NElB?7xns!?V4;a0r2rL1 
z;9(;*zNKWyAce=-1Sj&LvuAw8(U0&l#0F7rhF~TU%6{bG-3P^XSAYOsxS+3P9zqacB@aP4+Df>i$w%ecUrjMtzZSJ}n*TM+x^`-M!O$a3suzOi+=>5@lJ zB6rf1+JVusu?q%hoc&bvN?3gHXM*rA`wG`8@{`tM((nrXbe$?TwkYlEx26?C;BPrF{-53%c@!70*F!Oai@)7si)FMd%R9E*<$94ujEcf~zGbKwZ7UP;Y+N$N zM!_oG*KD4~GS9Sv0A$%Y&6$KW)#2T`DlhxL+**)K7yP}|gJ$@N?#(z{*IE13HKyJ* z|M(OU#;K)Fh4MzE=HnX9zL}+M6w}R*NVBiY5pbbNj)S(e|D(I{PY8!*4yTWyJugjO zADjG#k}QK_lnVyq15P@F*WQQ<1n-rZV9fH;ohWI&63blA$$-SBGa$Rg89AoiBg7wL zGl`(4=yeO#{>+mwD{F86vJ;!4#C52zXT7AB2t_e{qkT6QV(Y1Uqsw?gKs>e+IMU-5;Qe)bihqz-mffb&w0);GRe-!V7)9-`(38%JWh2)1fTDBI?@`kLP z?ZTqBDebII_>yoi%R#qdzeuh|E@92|NpN03Sfu%DZrI(zFHw>FTT z<<%7MT$PEgMMTX6`CMQP zA#t3_atk)?)TR--1=XYZh1SbZm0P)K`%Ew?5GX1UjAt4VtWx(;Ii*PfuHC3=ktFqK?|l>7$mbx|C{9Ldjx=mwFH_D zVRF2EYd&g2i~MVKX~DPN16~8kz023U!Dd{CrDdsSyDx8V2cFHtT?QDUp3c~7gZJJ! zy0BgocCQCZys5X9&z-9hiyer@TgNbSeOH8?RK3)*qTF;mve5Rmp16FY?+`{OSH5If z0b5+dYPQUF2J_BY^fxPn_B~`8vDyjS{^vlbTfb=X;x672?6|-)MDR)^!!Aj~9t`4+ zwXJ9@VL@vhuM;L0c_##o{YFHkTF+TrW) z6gpvxBv@f{>Cb5PO^B4R4HMaC%0T3WO%)Qwl#u zqxNg;sCb!?7BQd>z$WZnA7)<*82pQ{l1zMRA{kjZx@=d;*%X7?h`{t@c}JmuE?g9& zycvA_lKiW0@>k!Q^zjw_2)+M-^5W3e0b12xgbz;AdhSl|+0cdK)X6P+cAw|^Uu)xv z37ypx`at+BG~Zmq?TQM9wXdheVG82`uScmKn%@L|Q}U~?isFK(nuE_puykCIfwjrI z<0svrZ+E&{$~07dkJN})TDS+M@0#iv;k44L%LhTsWVI-vAmeJ_H~}EmxnJS^bny<6_F@_qjdewX#2+f1yOsZ*A$l zpsGo~{fj_Nr@cQLzl2X8>2bj!Ym*u(Ub<-o83$F2qO6nBGKd07 z)2M9Xc;|{O)FTFb{kQ*X-+w+BwuN+`^xxko7MAL>`S0B<*z?>*|MM6cD#$*VFz)AG z_UHc`^Z#;!|K~TXQNMP*XZ`sXVOH?k7j!p^FSOQS>=8B$1OFLD% z?+k1)dhU<3p@y$fsf`Qt$8(2n=rQB+}hwr@fo`FVOmmi)Wec4i4F zBnMHku(egvb+H}4hwtnf|fNpyPvJ3yx6TSIbJ1 zXXO<^z>M>xSuV)(IdtB0f=JqhL{8WNG>F(2*ca%y`8k|! 
zmZuwPR*;Mz&ZsMxECwp|R_aHd5aSJ}O8%t6qwwne`XDiO$6^}}wDd%SuW2qWUXPX~ zg&o`6UBu%aeH5y*Q-egRW)0gNa0$VcL6}(*Wl*Hlw4qbfDNxX1825dQ^6eXKY}_6* zb}H8T?*s)Jo}wfFZ*~eaaenX9_db7q%A`CDJXhCyUvc~wfi`?Kp~}Ef-PPq-tnjx2 znl)FU#ghfP7N=2e+D_nIb?Th$+%IPWrvRH}rkJ445W4g~M#)M8hBQkLvE?f23U9+9 z1YZ|_<~@l$y*&C@HAy839*e7#>xkjpSW+q7G-RPj3&I&wH=wVMk&M=Hc;YbFam4)PQr+z4Tjpp7 zcY~0T+YzP-BdO2a`iX@0%AG0jUsPSetQy*B=e+15Ue#I1#BpUYbs!ju@v zS(e<;ZO~_(s8gq!2nDg7na1p-1b&CI&{e7pf5L81H>Xcli_m!JH#NXnVJkqT+!?>0`{xnLTbY#*7tQXL!H z9|}+N%nLEA>T8{z8cJXDwY?5hZt-qNpgVW$;VV~}IMGIX74_2H@Mgx@_Iyj%$ZgLs zw_445NA?|aZ(Y?(Kr<(m z8C5~7T|m*PK@N5|-x)k!o%(M@a3OCW^Hr3UAoDv$9=&QSLEi{co<#?v@F=$gA(-`G z=$}_J;#q`dC?A=@`fT}XX&ZqGx=RcTA7k%HzQaufj>RyS#@r|uH@Be4Afm)jdic$w z%x(W3U>63x{-DUf1i8~(x&NO{u0>JWWa@L%>Hq&*9^mv#oF2*A+gQxd9;i`tFI>F$ z{?C864nfZw%^9<4TR`bam!PekV%m-YCNPlO2qkEl=PqLBctH%@cSH$iqt0m}jIdre zWrJ$L3f-#ASeAUbjb1?T>N~rB-LBIg*&p@uq0|q1#|>3;K2$ehYJSRLnF#9kzCW0< za1mveO-Uu*Bp{mE0HvHZ-r<`_pVC+;79b$q99V$L<|fAh_h#n_Cc zIM2LPrWaN-UE=QO#M&z0WSoqpXOU~D(329TKtufK5j3R%s5axmnK#BCS~z_#%95Zc z?&6rbGS1nuk{6oV6xno_9RI>RD#@>&>5p;K`|Z?IwNBW-+#s$@t*D_Rt4K>!Xq9ux zZUyRNzXygz#V_($bFQ{*Ll!P_4jbb2jtbX4|2%13xD3jLP zW~|-=)~y--BDB<^%5Pq4WV}?Y-lrqOhF-m`o*r^b{b3#0yAWZQHB7v#S}9y8^;>Rn z$>o$>T|>r7y0dc<%=E`=pm3zRoHhPeB={4y-aI#qpjq4ln9~QU)F8M{Aw4~deZ$SD zGS+ps2p(;O4@iz-kkYlc6E8~&pR0?QPT{fkM2OV)wOXLcN-a)O2WB|^sPY4{V53tmNTUG8b2~GF8i~w#7~a5bw3pNyi;<_QBf$`40j!OUG9e?e zLo-xP6qIcz%)n_$=T8m%k|Vrr`gZFJ76d}}%Llv*;8K7VnXAPa=T#+^TXMy#d@&58 zz5VEwYQlGP{t76#C(s^8+;w8xJ`gCT^ok3^k!K+CENc$U?f9NH)t2*e{++07@EN)_pA< z++uNkLZoNmm|{Fuky!@X^)NCuGk9y1Nf_)!p}$M`z@3_~iZklRYD2x6iS zWHqu;0-KQ6aY#EvnZyHDWVCZ=EBnX1t}wmxqRi@_qzA&G*a-9DczjFkG~N7}FnpoQ zBPQfcCTgB;RcZ1cBeg{rp{jRm?`sVfEJjuaSAHq}$Arx_w^26+%ikp}b!;p}bl7Qo zOk@2)S&9%PLoYHg_qpXiU=9dYsa37TxI^@~(#m&gxn(PueWP>bxUfQ8BKRUMkX|fU zyJ_IQKExWn7O!q#IA-*<98$p3kf^xlpv;MXVumiZR?R%**p3;VU~@nhCj1)DlE}fI zjGrQ@v;?@|vd<)7d&f%bk1Uu0bKc9ILqIAxTbiMeCNn(76rH0w+!DDJn6DDBvYsBr z@ei3Hi)uXiF13o2?~dPg*IrmJT85X(k0pm`;Ke@2a$Nmb>yyMDJZ=38Wi+}C|D0w{ 
z3$CQR8hMZ7GFTD-FO3*Mm}u;dcy-!J;K0pYVhJla0a;h^Kt|^=pf`;N%PsZ1XjBiF zUTUUnZ+sAWIkrI$3gJ{tB=S~vs2$jvtS)UN7Wxga(V~j4YpPOJI(vMqI>Ay6KU5b$ zu7x-pqOWolBT(p^EsvQ4?%%6wTk~E_3?f=1Fid)%uq8+5(_+6)a&G;_x`PvY>51JlCGM%UPp3e0R>djlz)%%~Y0CB2+hPM*dfzKb}pq_s1$ zylh9;H$_~^_y(+aG`m?WTFWOoue?Octr@~2DM|Kb zf6uwFZi8I!q-W@u6}!#VyksJ%)PQP3RPm6};kFOw7gT6z#uzp37|f6QlZ>lAJyj`q z;D>^=3K$Yn}F+I)RuXx*}! z=?;Tjd4TjuLB;!Iw;6U;VYO}A@zR1(e9u5%wJfFQojxEAV{=E2YsLlE&uQzuO@uO5H-P^B;-Cr>!+fmHe9a*FWA*6Xgg~= zXndO4Yd|RKK_wGDBYW!LY=7{QsFs=QBsCMZ6lF1NP_T2#wPHth`{Yoty{aN)xw~4Pd}{2 z+$3|I@Y5_2Ec1PyYRS*F5FZBxN-1<|!v$QkNgd=Mp)E}>68QtpUG`-@!Cxb=-TTgtQs!7wfY zEAO*1I8hHX49bwP)mAfob$%*(6_!0MH858wUkJZbWi-NhCzHIaM)9ORwNUWDwFlXw zX>%gc?D8RR<^%hfRjB8mKV)|LGAqZ-qyOAMtR~;6FQem?H{OamR%qQzIbk|yy3i` zC_W^O^}^~eE8)hW>)9y2r3Gy}xZqj67Dey2-kN*<(*@!53RzpgU{ExMy`!y4wyqKD zeB$6S0a@69zOAk&(ZsQ7N(JBXNn8fuajoiiX|4@$W|=rC6Y7J>CD3-$HyYDOQL44r zXA1dk#cN+*Os^fECPpPr0Qdvrl$LPo`2Vtyc;=&0j>!$(%8jBvM-V$7)lsYFz>MCA zf=C6W{#eI<&um$&Wtzqt$}{GwA=z~WW>NeMX=scuxIEAm)(3ru-RBwVePwJ`V#G&N zx7KNBtmE>E$B6>d!R6SV^>K+n;_hFVyyGn5rV8Cn3m)?V3AXJTKcvql3XK^1l3+SD z5s$6AH4sHz_RIqK45!_gMlh+wFoUlIJMz)eH1l#*k#qZ?5xe_SV~eG{EV^FL@tT|?3SX7@}#r(>V8}} z_6fkYSq{qAyj5Z%T@cp8kE)wq$Ar@QN-?i&BJaRn+mEudj+cG0x9|nVwP#r8jopj zzC>Pu5|!fB6T?Ogm2I^@tmj`B?tD>7?L;!{aNTddNFM1k(=Ol~WC<@3=IgQvX$^(` zYf`s*&bLEw0fj6B&9y1IH`Eyi5|KK9^xwg~@6y8A)bqJvoCD&|Mk6^3*^@ozYnTfc zm+lq1Er+Rmz{M zd#+iHWFou~xTvV{;|um`bj(a#J-NsZMoGkj%fQ{Xd_v93l9L7X#$dgJ-C4OnqtniM zpqw~Xs}-Pws>p+Ti$^!EuG}OwITFogzS%OTvYkS=R<(%qV7RdJYf)-}O7XN4W`}Km zk3o8c`Ph9u=P{rZkx1fDL3%1WBB%onuu}TReEa-+@t?bI{cd2yAoGi&v00(Vlp%SZ zU2icG&FWUsvQs2uLR!AoC`3(TeY>5?oPuJ&hLHEd$lzx~>8Q=+FYLsifkld?bdAE( zyLIauqg0*aIXX(2#2~L|aaikk0D3xpxIJ=TDi5Lz2fg$Pr*ABuw}Bc$f9r};ZpGmQ z2soAhp;Reaw|UXZKIhh6*e!=B&7cV|mJZA*Cud**IJ?qL$_$L=mC@Cd89S867L7rI zPOn~_HKz&(y--zfRap;*A?LY`)m0;n5LwT;$ul95k|06Y=w{j;@{ThHg_uRO0iAJ4SWIKZduXa3N-AUF|W^NS$DV=Q6=l znJZ2ZArdjHv6_^ew)uIRFMn+QxkI6Qdfu7eTLiU!WtaVq{!f&RyeFz&7@k9E{g*lD 
zG9fRriF$yGbf4Dqg+>bQ{rff=s8bSIv*j}f`skW$Bdnj-*Ym0qWeHLEIeNETFR%c2;G~1#VFRp{Jnt1s^@q+we%*a;&VNkNSRF*7-J*_J505^ zHxm&Sy^!`~-$wNSXF6`bC9x)JM%&x3B}_f_0c5OEx*bDF(UG zV?+Tm&;`oqXX%4$fTmI8}Qxc<4d%u>aj#iYE7eI{=GzW<$O1!oLc1 zPG`4Hh)RKr%yq7ZRT((y?U=q~zITOWoehE|*5Db^1V0Y{1|PV@gR^y}XqBHCT5+G2 zMPbA81=Y)umg0)!>S|o5$~_z1>*}H9N^)X8du}3Lr<4xjNEl|f)+kS5_|z`beOTC% zg}QNg;YPIy&TgwaMHDZyaaXT-SFQ;96H27DH4H)+`01zO5lZOd(Wt?cFR~EQo5HY* zpdQljDhnN#IgV7A7+nQbD{BK=3^4hiBVxj~nV;JuQ`EkT`o6bcDtb|V>+-wNb$ADcI9h)zesIhVso=G5Y)sa`*6z20W9Z%FxTYhi z>bBlD%@5$#Hr~^#LvC4p<1tGzOroOmc`ru~rKz;zQ_Omm$k#eIR8-SvI1e6C#=@wh z`U9|L7kvZ>ouAC8Qj)xi@m7P460dlI#L=>b$rC&<4WBokn)W{E-jer+=b^e@EaY=g zc{N57M?_o+qVyhqh71|xe%>Qpt8KjiHpS)hJN+O%Uf1TV#%gc6k5mxbv|x{M{_jXZ z&m5MsaiONtuk(fC7lz zlP8FY&===ZkRug)M)P(G^(RGN9_l%tyEqm?nFKe@8P~B_wyR$~6Jb1TG}@(+I_&z@ zavwf7*T_!$dN-iFs{lBbF+>Jk#wo1Mu(4?sFJ&~(H=l>yG1`>C&GxLGOk&!>g&>3A zs(%L&46U*MD~J#e#z3{mu+MM?I#VquTD_Q(=H&ZWf4XYwQw{iHFxZBbzwHwaClB>( z#g6KbDXc(EdLTEn591LE5z!4qobxWzTAubnl4fyN7mN~^ANMT=3R_OQEY28$qHGF-PUor<)JYAGO>zckN)wVhDB*6#@; zMjaQwlyb$h-y}ojCN}00SFaa$sgD%&U$`-J+3ef7L5? 
z{Sf>y(7i!;Qe$7`qA$N-l|6vMytqamL}j-P?0%co+?uI=pB3ONR;XvtCniT+1e-FO zX&-Az;s@Yh3=1COGqX`yen*oz5-P)0Ki1RhqqC0iX%RG&-$fM3Ad*i|k#RUeNLK;fS?$&?CZH3>UTDIf@4QxXFvg8QiQ3xDCe&) z|FU62cT3q#GEVH_>LdiHB>~>5^M4UA5L`8e@;(o=95OJM5o~USUBYn(|GJ#U+Df`y zBw1$4mb1W$V-pNdx#rO56-eI{pA9cN1zq>lVRMpKB@1SMUOQ0)zw}W<ALa%2%cV^28ByaL-u@>%8@_Q_Q}#Z zqdp1RaEd(-W4CuxIZGFCjy`gouahM#WqYf@NE86#dw}sWJrO~>zITV~_30*#c4#Cw zWM9DYvNK9KD#CbVoM;vP39f%4*W0-18|}{Dmwp$+m<#3oxSN36%-Z}8EreEl!R!^2 zmt#{d%kgQd4u|lTZ#=S{y|&dFesI7 z6XUW^&@8h*Q$AJ$5pQ!f_N<#zSPMdBR9(dde=<86&$(cOwV~-rvB1RE?m9hPUj4#x zso0qT``7o{i8$`BiYth!e<@JSq#(GpVmn>ri*mSJmgUdnv~K0+y*}E` z((Bew@7n>G_J3pl6YNREC!Ix!gv^+$<(aH@7#xw6{T$uGDLLRrGJ7?J1s<%FbCn5mlSf{_pX7`>xRxxKE6#GI;Q*6*WnDtVFy zo(8f6{T!*jV0vZ}QyP?xB(y6?u*LGeD*|zZwGud4oTfNh^!p+Xx;j()%Wz-cx6NGP`@) z&dM28zn=CVN!R;Y__Yq0`o6q~b*IUO7{Ovx1| zM!CK`Q{`IDSnPhyiWn5&QfM&3*s^#(v6OZm@h)qu1wfqMxccmK*6Ajq6@CegAM|jq=*0 zGSogAdT@xRh9x7e`8u%j(jtIb8e3M{MPZ~4S!qy;PLNh+qrn<=glu97mUB?|1)%pJXSjokZ!l9Bkc?+ zT_(N=uJ2H;KvN85nYsg-)y?lff#(*#MqBqwle?&bN2Imz>V1BJ!}hdeq@|n|@r+9E zmF~>r;TF;7KnEG+P zK;N@JeJ1=pL<3P-;<>sY*Fr(*@vPA+JPHV*s<77(Anz2#6O-1*k0Hqh6HDg%hS!<) z$RK)ff?)&6pI=1(d60M)dH2K=I{eqM?<`4D=dy3`&)7vGb%Rug5n|NNwCUO^O-|4V zm!t|wq~|!+5%zJSUG%szL!XZR`4MoY?SEU4e-ZNj@z%b+IR0}k$)Ep&y|<2vt9uef z8|dKHxCgi3?hfh3f+V;@aCZs8-Q8UR0TKxA?(Qyu1a~J$UVlHnc{BIUOy>8;yjknM zb>Xbu-RIQar?%AIRkf>X7yr-Xq7B7)7=y-Ya(kR^KhF9Ma6Y;J6z09V&Rmj^6yp@i#{S-FqWc+Y-RH{yY4YH6pU$)F=W&qH(tdKj zS3fq_Q+QBWp0z%it?HIvw;ZGCALsYU|H1?O_skBv^7)%TuE0 zWRUVT*Y;jYjDz67Y0Dejob(HYOE+DBl|8Tbc%rIqv|>%40L>s6t6!isfA5p80z%L` z{5K<7QgMc-XGVFNE*-@$y3YA6xTfW2Wk36l(s&Og+jiFQ zh%GBL3cn{oQ*PH)2tgOhzcv?Zi;j-6A$%XB-tkJN>9SodVNHo8sXvO+iP#||O4VZH&bOlSDuv%2lVmma@mc4h z49t~n3<7F!UzZQAj-aa=6ym<~H!_JI)En7rssBPhw>{78%o!SfT;i5<~BU+XuR5H8Vvbq8c5gqEu!WKb9l)56D15+<((gaM|5> z>G(_4Y>`hw-iq$OGS9B~xAvX-XLe%#&%7;OeenkBzJLmKaDWBCL46!B>vnAFmjBr+ z4ng!c;J^F-Q8|?KpGUzFLLL9lUQ~|QC@SDA6&ab-;2&Y>iGR#U<)Dzq0Vz0_=#lOz zj75F;Gw?GSSpO6zR8DXd9O496gs4*zaPegujA0y8|7k`l?^?Q3@d+YA;R(4%>@BIo 
zN|W>d9N3tSwi2v_0-|D*d&Hv+tGO!o}@ZvlA3pCA4EPde8~dWIxxOlyx@_`<)kfXPpT{yo_9 z9V)NVVp+vsSkM?iB^G}}hkg7{$EzcRI+pM`CxW<7CbZ~y-tnhUN}vCF%<|4od_db1 z@1D=+Wznv~R%LJbD>pTh4#4QY&isVmernrz*9z)3T{aB1qr@JLh2~C3poSv!Z(HU0 zdr}y+?PRPp+6!R!1YH!Wm?e?{qk?;R?~+L_Ye2b@V^HhywgjR!WspGvkV5fZ!O zNZIb3Z~Vu2_#@5+6pZkxKHPSrb^ipg;j1vSR+{fG1;j`kxW_>(l>_B}2)|(`6@a zlpHU6cON3JHt?q&gp!rDbZxxk1`6Oda{veUM_{Yh?C<9Tj21(D!DIgaRRt}GI~EYt zPVdtK70CaZkN=4Czjn9kb2a~jvk@uH6I0xZ;whzP*Mt(w{vS(r5G%|x!j^tWK^Hz-=y0i)dXHA{1|>D@F82V0*j`77<>m501O-u1_%oa2Ltn$gEI^W0QGNHHvG%GxpUH>3iFiw`x(^1`5*qxP#96n zC&RFEUC)OpnGMySC84b6M0_yqbZc=~!}(_+7G8t3W+1->+_wCy%Jy6A< zv}27StCq5oo|UHJg{(@^!?36i!uIX`travqg|+X^Hg71Dao|a_zg|l)l>?R6NBgsS zHRO?X9mI=cH13{3GLPJvYMAN@*sxxrhQ5(etS_$vk0ZgA43;^vKM{5zBdC0HNl^E&JCel# z(j}|$blm~UhNcd8lf8QOIPpfM(8$DrQPm%g%EJYAqj2GJ9cmhD5aSK0=g8)d6+Z8u zd%%&^jlwuU0uo=6-Ii$&^RlzEPh)bXu0On8h`CXt*5K^4!b{45n0Fun?}@LuN;W~s3b3;Bd;G%{H?M*jx5gw+oUW}Sh6O1(n~ zO9l(;A~Qqq=&{sJIj7EQ=A25Qi}Jb$+A0CQNV~xk>=mW4u6W0Z@76T?;^d3HfUrWn zV82#v>ZJPFt@L!7D!ycbfz?bg+#yBMSBi%kZovfMGEt0PZ)(v-F0q^JzDz?;%OeYM zjWW+$y<^_9ms^UJ2{E4zc&yK#OhaXBKIGevOSv)byp0xlA{t-sylZ<-!SS%ZrSf3* z1Jv6xOA_=qJhcQKB%%XyXrOc@)Qz)Gx1G}lHD&wS>G2Z~(ydK4T`J%*fq@P6RVY4=YYpguY(eMEi(Ze=@&>KKmBk>pt){Htnl)FQe}skG50F)6GfXA0J-ddKuqA zgTZ%q^o=a$grjUgc%PO&S!3#rO^ZXVGMJGG4LN%re*+kJ%y)f#3?={rtc*SZ_BpzB zK5duDLfgo-ron6vA2DLugR5^&Rbgu}Cl!^LuWl`NVTN<&sxtNbLV2Ls+3bUcam*<= zN&4q+SyMnfbW2&FToAQJ9K{;LLJ=?W=DVh+{#zY`73cx1A1$!r>f%6R{&2Twm``1n z_EV)gV^@b6SWn0r^%|xz$7g+5-+Lf_>4Ro=vhlF~oc;z}vcoI= z!WhL$qwcMLdiV_x?4j8+xOu>Mex3`-^L60W_QH`xrhr|ee(jnzjT3@Mv~4OFn&!Zc zGh|{@;35naE8o^}blQ9g+SML6aLLp=>>YMe*ryF7bH_Q z5>%YX01r+mOjyiET!jp*&rf`kl(@(G6}OoNKin8`rliwUR3i~qhN|$jSG#%WP*%TK zHo}P)aqv4SYvwc?*q>YN2@tV%OizV~6hbpe7Iz~0V6azLU#&}zWJMBWC;0w1ARIOt zYY8!=A*B^nm8Xec*J0sNXNo?^1T-3q0V1g1aR0|r@dC_)&+_HM$J1m7D2^9%a-aJ? 
zH!7lMxmRpp7h|#hvQ+F4$?Ip@6x0AL9E6Jf)8*>A7AV4SEQ%u~rqH52&7HO?LVjy` zFKCn#<2N|W9w1E&V}3kE?m1&t!v<&Dl= zwfj`w29W^L%o)U}qn53c<2;U$XjW=_y_M}*KWhQtZ8%!+Q z#MH8X;*P`qSX70ILNXFj^Q-QU4!;3?8o~7*#}S|qp&Mo1&RSM-E&?S5moJWuLp!fB z|3{PN=I`Z?4=?Y?4J|ZZ{?H8&eHTmcaqF7SXV4Y((PtBp#+qcxQJ9BQP{!OI150ia zTLHq6OQb7{9Av=K#;A7q3lV( z_^F`f2}_Vl3YE{yYd}Wg^_61R!#iHQ_Crq}w4q<~+lU@x#!pEfil>ufojvM%N74AA z!XW9YoL^uOw+vgh}B{0^f}tQ_`#kSD0=tCzLQ~CgD2zOEvY6()@r;^B14V zKE6!1#a>ZbrC~@+Q@?~7{}juxe;TtWLfuFT-&0cgWV}Q1azATM!XmqTe1$JryCsdWW4L!*(-fj#P^pm$v4XuP)D0 zRo8oBl$s5>(JwfF=!0Sih1wG5YlkcZkG1A3Sh&mCi9kKtnl0OjYAjSzGixqRqxz=4 zUh6gPX@z3$Krqv(PL_Ky%|Ns^p))0$Kg}4`9QUY(2BzoNqw@0DOz@zP zR+2t-BzEes!jfOpNKfl(d{8W)rW2s0ZgZisu7i&zmF3bZHXdQJ|IxK*qy~&S61c?G z7Ca-5h0C6o6kC-}C6&f$bld24z-?fvypI?V!YX>#DiKSZ{aL(Wzu}dC1AT0lsE7H!=jC+(21ndTAMR@z_GtAo`#}ahnD$+lTI#s?X3a5#tgFti{XEi7Vx8+H;hsI%LfC|n-^&$rkfbmG zp;rlJAP-s*;<-21)+?>Ms7wvekMCwTI=JIo*iI+ zEwGIGL(aOuG>>T|TEeFB_0-VN+e3s)RWnnn&QDy0XecBq-9t9V+t3)O>5U{8i^1_2 z6vWzA7JaWaC?~V(lidp6r<^|gEvfjL>!tlV{(<(rIU6&ozQxLBJJG+rp*BGvyRNLx zj75ZS(_)1>&=}qhuW@@8i%7;>J}a?dAYMoQO-+J1ciC4Y2X=<0qX1bY2a{;){sJud zV`+uDx1?PUDtOLsu-R9-!&*OY4!|DQu2IjV6;LF8Sf~fQHcKZgdx2ka-IhAXtjYwI zcc2jY`AuP{J#20cB9MTM<2XuniNJB6vZRxb#7z^Ou{3j_Ba3eEfJEh_m4Wo?RQ3`l z=s?`Q3j07{8JF`#nu3wh60bj*@eGjrSeUB_q$a!4bUlhr7LqoZKZBb{i&Ck$@Hl{CIkQ*#oSF|Ta?7~+SdQz@ihp^Q zYz19hP34-PT)t#1T^E1*V@V4wTI1wY?~h!WpOp)c%P_B+31sVnk>7y4{I#x~IxQ5GPweIkoQOvg) zUdoE(i(Q&kmR7#|ru3~h`Rxu4;+#DXmN%taYjOFIb@Nxyh@(d?+Xfl-!N({Aj> zc1Z1M6G zge?q78^-52pgfjXmR2+#5>2rKMacwuPUekelbrOahxgQ5LI%zAvz(QQ5mNWso(@ zrFH)9nw$#8>flHo)u-+(X2{`rRmsTLiCkWdswoNynEq~eqXe*xrcs~OO5}RUe=!PB zi>8-g-nnlC;|BS-3h6x?zlyn5so|Rn)(rMRZJpRr z@ZtH5{mfq~=$}14c#EF=SDoEuHuu`(lLWTBMR!CC> z>V8Ey2F9c9VtVuvIejQ>ZHPIGx2Dg^CYAS5_GliUD#~#tyy>ROwa@ohAED<@F6MnO z#K6*XNu`_Da-zlSkBxVybGLY7Hqn!C(WL-T7!?U7E&N(YrgihnjMDK<7J)CpYNY+J13^OMy_hu!nSe>oQ#s zb^Imuy3Y%}(G#YaQri+b>X?DJ!Cj(Q-r(Wd1fn{>sUy>B%X59WvgPmqwTc$sgJb!`QK6=g(Di}bTTV4@0#(r(kB17snVSI`pnQGXNk&3eydy=j 
zgC%**S8y9?#%sb)0Bs+>p;nZI*vkUK;`H%g?I}qiliW41Zso+H7j_r?3G*#!Pm{K1 z8nC|YN7dSNxdMkEK2nMGwRrh~IC)RvA|^4&@y5&&iD+w+mte|nrY3{5h3%5PSCfhI zlu3ZNS89%eA(nEqFeTX%Oo7N!01qcW?9gnPd?aEZewZ>e4GF>e>4@~?n~&Pbr5+OX#6TD<*I=YdALhsct;^=8%kEO@3;?vv0G>*lIf zyy@xmRFZ_P;n~YF7t0yf_V}G50{*pJh>i_14O@&pVFs-D8ZBd;+y26u zAdZn`xt)2fCLP&#vU6Q-xrm%9L;E|~k5)w<=Z1%CxuH{LqhD7ePHptseodM?wbf|8 zRuow7)$Mq~|65_z-NqWJ?`0#OhEPzH<;@N;=oC4#S)UashA8BcoAD-6X~7MHg$dk1 zWESwcGPfjT)%*_7QBL$G48?Z6SL+k2Hx;E_HP2WruNA$$1l@Z=lr<#UJVQ#s1zchG zO=k`r*!F@%Jg)qQ4eg~DSfhQD<%vMl^~Hh%hLxX1FP3WA@aCE1SzoJKA{ofqF3OdC z9H=SuAJb_Rn?sx#r9=_9U-aRJo+^lZ1Il8Q>Q>Z%U#ss+%TQzp63}38-Q>~UU34{i z{8ZNWpg@6&V4)&hGO+=v?zqb|#?f>QpYX#u9^*C8O0AaQYuX8HIpnDY(WHu2jGYzS zZa>qR5^yxf-m7{pE6Wci&msHhMFi9AAeMAJ>DXRfX#CG)GaZAGG)pT^>r6Q>! za)P>8`dX&Fa0JtJ~Q4{KCvqr z#D=llgL3E{m$1<>?v`NZr%mQ`5aH_*vMn+H!RBSEQMA-6{Qz-b9{DEW#ac6AVXjyh zs=hvvc3mJr8a5a}6*o*`rNU5&9ic^4)MjV75xWn!(^m0yEA@HT;_uyy7qAMbaA8f$ z3;9aQhp%v5vv|P%}kza(G)@!wadDU@eiX?3jGbWINgL8f{ct zaTd`TR~}Mm#g`L~=jgvcf({Y4nKg8c4IYrcD&BG|CXICy88K7Hf_W7nN)bAxdEE*C z5t100#nTNWQNOIzI70;wM9NRUm)tIIm$%_f7u+P{aI)sf3ja_V%vBX_W3evv5b~_C zEQRm-IlE?eBA>YtN;wJD!8)VXfU4Xx+)D^aVeWaJlIThOSU*$?=(+r4m!R|o&CJ45tnL*wLadt7**zaUla&v>VPN0w z_b7}_KvazE=gaq9aim_JpD93U`sypei82Iv(lpP1HUE`S0aRvAPA+jH| zjRm1Avn_5J+UJUn?4P+2vdWIqdHX4w#y2Ya-R|w*M(-Go@Ui3HKpJ-^11)nV_lh)F z2#Hsa){cg?ruA+h2sqg5jSQ(uk9Vk{ofxvaeaA*7`Lp z8RLE~WOa_C$zm1P7&Rb1z z(hIPl@&;Yf??jLjVKH4)#gFppn{;gfnau~-8EsxM84VLB&nRx!ba1~Yuhi)g_gG4# zpf)~SCbrZli< zdrIS_X)MObbPzD9ypK?vhKO}zvH%L564kXVK( znr59NonhIy535Vbxh$i&g)NDqJ&Qq%h`#{_cO{g(nWMW{QQqE88Vyu^D|dwyOMS^p zOAca)>Bi$XJ6tf0pv~9UIOtx^$2Ob(#jNhid=QF&>pw9gv* z(xA9a2Fe=i_=@8NK!s?Awo#CI=9afx@y05(7U@xiLhv_Y&BMpW2ql+T&Ulu3gVa~( zD-LsOj2)K4E3fw>Cw{fkdCPA;G3vZrp3MeilT2W`Fgb2#Y(yJdj3~ia1O!-&YLJ1< z_l0kYx5Q%N2(OSqWtiuvPy3inXD(wdmP(UiFr^qYmwgpnmw)B?Nc=oh-}(~a7k{kE zSg-@Bj!xO^ZnKMRi;OQ^=24ZR^xQq3NxDrcie-D3JUJ#DB-f5;t?s?)pJ9p@F7Bd1dpS>Z;#iCtrW58Xho9maK{nNmjlJ%LS8tk)2&YFHj9RjwOf;`*1wikTRPV 
zE>Ug^vSNxdh0TSxwBCEfQyiLsJ9T?CfFC}BgM&(D(?AbSUdnmgi6S!1$TlYN8X=OpTFAvL3IwZ)B z_qfWxr+A z(dYcgq%oJS74P(T6SiqZ>Kt7@IK#@9o-TtPIMlL>KX=7m-yzi;+-0ZS7|hoITq3q1 znWEjGAxP}2*wp=53(v|FxwJu5$3d_kX0$&wQB<|a%RGS;5q@WOe~gP`Rm#(#uag`$ zXEZIy&o5a>6{*742UDpbgln+Of6lSvtGrFy%N99El9o+{Irj?^yxH}dip)+Qdf*dJPLuB!x~w#~epQFHR6THU=qlPzDi1o1JeEb3LtZKdzFCS=fsSm~WkNlF zBTViIyU@tvJ_g-Lm?6-3c@yFu82ycaeTdovy*Ws4iyJ4qoTCF-G zXCbSF)fqi!pUUcf=BiPP^J$EQNkvnVzPE*%Do_xZ5Xqx_azw9*l%xMyxjc8CZfav% z2y|niN^P!{3YyejLc$uOf}~N#Nm?MDuDwZcjE&QWtD~8kk3zRm#9d4&mvnbFRv^q3 zJHfqXZW?LUb5ru;zT)#~DD{<4nyp45mOm(FL`Rm>HKw{Z*GT6?Z^hAKBSPaJX!*umTKUtT_8g1+=@pG6P^p&-LnL+8} z#}9aW!QKjX&Fwd``1u6jsokB>`r`^S`_lvBtcj=&q}n;NS@3eYpu&9J^``e%RZ@$r ztt){k0$QQU?y{e)^r(!f{Jlbv2>A%<-zn$SRCfV46}1_>G7_%o=ISw*B3J2%ro(N; zURFFyRO#RP=23lPJ~XuBWaeYJV2z{oE7>?+Dz8b;_zHa+ugg84mO~|WP9$EU1F19A z3EWQ`bJ800@ z&NKCeLB!KFYn~R@Pl7`Wft~P7CQVu+Gvc6Pd%OZ|c`GA)x3XX?Z|dyyUV*q>)JYGW z&KV_QOD(xX4LrDl<0Bx8YlCsAzmueL#$(8v?+ed7;BAU(*bUDhM`f>CD56j0aDB?LKSJE_tGrX2Xplq zUw&p0)R)6P3CKBRT7Y%_4Zy@~>Kxi+0F0EuKtoZq2PcTT({-!3;Zig-sT#U?(O zH=pr7{s1l8-VM8g@j}4UVsn;TmXg|~8uN;-SDb_6kUZ{33^xth77Hy@%Va`Do z&oWH@G*QoO>SeN^<^H0$an?S9W0K0S9o|O_i3mh1AHg{t+T5hbr6iSV=`M5e&d`0X zzcc{DrQ-rmCrV=G#u1|}>&+9iy4YUZ0z}XZ?WvsveLD7mX8oMdPBEpfx(L&Wd z-@^BtuuznW@T9bVGJfVq)CxjYABFcfFWjYDUBa8ySU4T~-NG(#`8C3te7(rI z*~PdPtWPP(Sd02)zge&8rKa-2vFI$NW_&b!F5six|F@}6tmoQd5ugcrIGd3Z%0}}; z32rZ?)ILUF!s2fLK0(BsbW;iAH>oqeN1jqPV=|BBI|vKiOfU4X!>(_fj|_cA>tTN{ zhCg?6l3x~qN6~ha!DkGE$ZC8Az9G$DoUn$K`eWHNVCZ()Ir)%>DV6)MG+Z08@zSd` z$MDE{@dRfJL9ae^U|VZw(P!>!+Bjf?;+bFUex@B#==9~A$x^3*I5-{#U}g~-WvciUAu2%1uFggGPg7kueP!t5b#D?5{1WW^@c| z_OxpP1V-Fp7(n4lhf<2Y^CNiM;igi=MTEmtAr_yClD`I0*;t!Po547?=DXu9R^t~_ zEn$W=Aq!oSAl^iScSQ@3=-P zSX>~VoXh&Ul^#%q4q#0TQeLuXd4;+fsD~NM>|Q|UlXi`@u30Rzp&n6zX*0+x{XWYE z+4ysiIaWp;(*Xf`>;xejq|_;_rZZramdbA3Z=rATOAyHFDQF4WV1RGiB57k~V`6{jqe z&~r>c*zSU;Kz!%I

1%G8c>_RX+$u&^=%u-4QyA3o2zj&e&b!C0Q$xs^@+U~ zNGCTDM3lF7eBz`OKma!&Pj*BF=Qv$1CH0fyZs0A?Sq!RR>q(Ynmt{&4tT*xx82Du0 z2n!e$zb3voVq=v1@l#DcTA|PP6#y2j%vX&3Wwjx+k0%nq%pJEe%g#PrBMzi}$s;8r zO}Sy1U-TA!=zGICo+_C~N1>6@ask54&36x?(5Z%z6KWZ_v?cs>5P5U|g>(J5Vce(b z|Ni_xrZw_p?CkFK{}+qszYL=PGKv0o7SZIVXW#$DA{zD|7SSfDZt%OBqZ$7=jB=Q44AAY;OyzY>?36ayLF zC5yD_k6v7zt3lHZzSwwME4gS$W0oNbZJCXjPPsd!@lbwG@?2idi-z~qo(MCe9ayeu z8F1(uAy9@0s8{qh&PEfZD9kRtYcs4(Ae>yp*r-CCgJ??b4DA&?KT&p^b!F2p z{2N?9xrY9l+lUDKclQOgW4xZ5g8yT>?*RfUl^-?|DZpDv!%iY(4zuMha|!I?k_29PYlOk0OK*#&`#O9l zZk^Pb^Ty6k$-Uij#VVsQ6BEMZXez)F9%$b|MDUr~Is3kmFm9-j1}$(ckI7PvjTyxFtHfnRX&LA z(Pmwd)02<^LlHn%8hRn1Y^R2P3a`PGE3-eBj$a$R&6m;VoG!ftnmqmu7!q5mPDaJ9 zyH1?{Re$Tp5QB^E;QsE4B6z;ql93eyzIwRzx<^IJ2!T38VP1%)Bt-6Cs(SI^A5~6{ zgJDK2No~ZSCX0})Y(k=1`~DMICQx+XB9>7}5fP-(=IxxQN3PS-<%U)h35~BVqaanX z^5jb+jsC^>7Y$OLNy0A}3IVI6-T7COg>U(v6icH{xN-kKyg6MqvMHVcagNcz*mQE#*hp^h)CpVAfKqV9(T;Im1RXQuG^>Uh^?b7@k z7eM^sHNz{Ug6ccm!%;C{++m4

5{bB%N=mp=6)@&o~u)rOGA<_Dw!W zO;(C=#t)tJW6o$yBpK>2zW{jsaKQUcy%k_q9WBUc#?bOYrk`bv$Y%5mSZAbMcma=A=Waj1)vd1g*eJAlwwOy z(elStTN{O%4^-zG4;5H2S5W6x;B=Q{Qi`lU@iSL@*{1L9N&j>~#EXuZ+f>s&W(~Cd zSkwXrIM5+>l4@SJRjZTYMlWL5y?6708=oK4_;qJaN)7WsrF+fH7sg__KY{2+{|He;;V?r9;YVL&p7{?peo|+SlqDa zKm4?ixez#pJGkTMKe9zH%ayQHX@x{ zRLRcZ2~4TDW0zS&?U(CK)5nRApehv4p_W;i9n-kCd+K8-a7ery|J*OB4oS+<;vs^L zoMUhnB_kq>BD)F7&!C01D@q+gSNinbFhNe4pAN#|tYdZl&fy(QFKY!X+Nz7h@`1E= zi7=gwZUlKrE#com4R%y~ZRUBznl3Hag{2V^yrcvp4W!^KotxYw{0}7j?2-{ zCB-IoR(-?mp0tey9|IQ3l-)z9y_L`lkj9@#kM0{8#c=wT7^-uwHq<5z{G}R?_GCJK z1MUuhi6=0>0q@rr3;B%Kb3RvbM}Dobynoki3bYZ-!1&+;5^NR>h^^0Rf4>jAI_SLW z)9dx-Gjv6h`aalUl!A8Hv9u{QS6wn|$BW>Yy-LriSuJqlsZW9gsrHc0lzs;Vzv>8MK0_Qrp)1Fk9kFU`E8@7P(Lp6N+}1m zzLG;f5-sR)+8VdwD!kyoyw~;r8cBan-Q_4Jg$Ii>Y@WS2Bst1p z5b08j;uYFMf5v8wIn}^0KCQ#^aNbT z_rohMTImUA-l#Cdx1rovRxj6?>rR+HRI7khOx3o!d(q~cOrL59-%25_(VOOOFWs~< zUYV3dV7_)s^O*knWF}pLhX(#;72o(O-tSd>Hu#I|kN@sVFh`5y&GLO=XnRvT!^x3O z(x6VFEYGjM*8MQ-FZ}x%kaR~*2?&ak#40XjUJ(z?egu;-r$T>%tOmZ0?WO6rCZ|G~ zix@6HyoR0P3{D2Jk=a3ix-jD@oxKVkQ(z0isWGRe7DRk_&V?Q|GdmLMAl7ZV@v1}B z@I776r$e74d&gUrd!@A8E|%}Z*d(q?k-|Bfo&R`dL4vbHr{$lXd)j$Xr{I&36#Ej1 zuJoav4Dm+nO23EmA0md9vHEGL?4}ieixhF6Iuyb;G^4-I9 z7*6{hkv`0+c3))H)4F}nG@y!-+zdpk=9$Q)U}uLv?w*lzmxy-&h__CUX8y1X4@C-9 z7;JF!KR#6`DO>~cVK(%{x!3R&DmS9%A$ak>&lqJpdc?2WCN+Q4;=gYaR?R}3xZov|k%!-i)IwYHGbNL_C%Ub8+Dckl*7(ES*YoQcmCDr< zS|=N-k=e_5mHh##sD-;5gTHj9S_{(5B2BEu<89{kuG(J`uBx1yi_bMF%#?hJcM?~XJIfBG015L)p1vr^~ zaz!hfzJPbvVkmQ>A6?29$2?AaI3?iB=@xt2j|fm~_t=HMXO(DgstNF|?$N>@Z&(segkdmF?#@bMFC__+e2s&z0;fkdV;-6DVV$HP;F>7 zGqd8!@bn-0am0EWyBlk@5iDA6_zU|du`~2Pu2mWo5JbFt@C}h;Z3V(Fys3`xSt2*m z`M$E`52;wwvjjQo7m{d*?Cvu0?F}A?MTO-E-h9|Df63pn<((Uq?+cI7{WrHcSlb_Z zKgKHu3Gx)%d8Oq{XWlY9pox{Wpdh-X>~L*Nh(?#<94N6%MfmgU;$4Ulvvw@#S<;+*c=3dY7pAzmRcBB%xr5*DX~bSy$X zy{-Ht$(WTuf{#EhZiF6ASJjQGl#_wPZgSs^Dv4)FQ3&*`!{9=uraXjQJZHrpQBKs9 zm~tXcZXE(f!h*^(1X+d9G`qlxPT+Str6Ns#jFL(agO(kIoWM0*OexQrt_daLwUDasK?0EBs47@S+`JP6Sc+C zES%q?o*j=zv!>s{2bVDx*6l53+3HxSSfi8LF 
z*AFCgW?0&y!Djyub81~CSd(&!6Pq}Aed|WHjbzzk2r~1WYIfLB96^XqqW-uV^ z>CUt?a(AnRpGK~)!;H3FW!LgDJkL8ILxE({34KOgsT2g!=mcdP4n*D{PI2O(yVKMu z^clmgRw;z?dJ&x2UQk%92MMza??!9TkeQ%Y#T%R9u%V(o0JKf?)wJkK8X{>sThgMZGg_UTFXuI&e^pBh?X=pv$9+^|QZG6_6~oYcVL|HIx}2F2C1?V`hAgAeWm zcXtV4aCg_>?ivUIW^fJe?gR-kI7x5`5ln11pu#1rv>+N4b z9532^hzJv(UGuz$3c8vWz7%~-l0Fe|UAsPvCU8yT%aM#XteGufz)XMI09#-z&6a(y_zJ%O-W)A8;xa=P1`*ATr92ji?XZb9(C+0m?jrbYDURSup%$#lGW z3XRs`u3&QQn$k>muIAq^i}up8F1;q*!9AOm@>?qAWRCuE9(Y3yj`bO!g!5V#*Br&o_=!H>vIwRY%ER69 zuc!uJT+h32i0hZ?{{mD`gGs0z&6asnhz3~+D{m*$9xr1Z0L^7jO@TY@jA zd{RFu;xuXg@>GvxO1-aQ%df39=0mWL6RX-NEXjNNcswh}Nh3p$z#lwpP)_AzEsZ#AsrC z-qyHvfRGB34D{9=RZFq)6*9?0HuF3F^hX1pn+T*$=fueMCDB2{22mKxLOrnzZLuSNO}ZKgp%TQo_r(MeYFMv0xa65W_ZV>QVs;NG)S{0i$Fp4wA1K5&C0phxb#X zwc3Q!)s7cafMs?{*u9cIaJ7AYdPBL_O^2(yb$4bD*6)2PK`Q5-hB;r3J5ZFQ#8aWY z%xQDZ15s<4o=U>$#M5iA@aYhekhTvf$_J`~?&==*dVjA#mAZZ=t8CZUGS<<&eGO@o z=`aHw3UY0CN-ovKfQx4%?KlXk^5?uyiayoVbC4FZ?DU7RBM1_~_HO^V`9+!KgisN# zC|7Mm5dTt}Duorf`QU(|Gj^~~V?4aNjpQS_kMGK4<{}aWUcCqFZF7T=(-8!hqa~|g z_0JdkZ2H#;YT1o#1kBL3lJJaHeSw#^YS{w*^&;lT+%NqAAQG|=Mp**Nv7Z#J_giDj zM~7zT5*KD9Q0=UX(#YW43k=w_v}zMaA5AM6Ts3InP@VHkyzvwbrz3V48C=ra6r9e% z+ckNy2*HUX{sM&mXMtZLwM+}nZIH~z#zws7Nl`p0rXInn!QjlIy(MY2A9=@BYmRN-2OVR zMgF`Jm7P51b{nucT$FuJVM-H%8MJE?1YC2#E&Om9Xc8kxWV19JS^El$nwH)+1oyJF zTWM;+oqAUfD`u&W6_p!RvBW?^j`Mg3FJGpg_4-mU67vs;l=~|0XZ1mbXOm3 zj|c+nEv{7R*dif&J;|o!ek)vBCV`23BRFMdI^I$)o;>-1H?w^lQ2Hn2aqg}tzbI(r zr=)?g22aS9XRvP(8SQa0UHu1#)l(59Di40eglb=6s?2GO#y&=s!tbL%+18xZ0az|D zI>S&WI_f0R5kiNMJ2pCO40auN!RO+`p?tp|BvkM@x#8yW+3oM^loAI99For!V_}zC z&OJMA;+V3^|7j<+A9C}WI6B)I$Y2&Sq)oTU7!O0pP1g?+jwl`sYxM{!#^cj#4#hSu zQ0&>+oE8Noqxs+Lk+M!HXZ-rXIg-i2V`L3;XOA@7warC&7 zoZ=){#v8@I?y|OKK9uNFsyxI=3DX$wGW>PUWg$>6(H4@JKjze%|BYxng#ZMcN z4RbtZvZ@|fLdj1N%#toT9EhkXms))l_s2{Bt%QTzyFo4$1)JCG%gH1z?*&V+`YfD? 
z^W22;F=V-00dkDs>MqMkmjFkX$0?F)oY&gK$W3!RyMazJ0bGEu)_vuwXRx{~OAIf6 zyBuSM$I!nI)4u@Q^oh;Dje_Haj8}tBI!kNHOfRn3e_K5=^lf$(0#(_a;iL9_9j)=S z4>5pw*NJk)$Q<^5BXna#yo^G{fL|#DF6(37U505Fip-6oGNhL>F102*A6xzc99uSE zbYEi+M>>3UJm76QlIt_f8!;WhFO`)<9vNhZ2G)0yuazo?at`2|;xgIVuhcO$$Ue+Z zswEj9hu&7G3e9_05{Hc+dyW~bX!$~ib1e#Dv zcKHZJ8a1IPxgW=OobiX4XQktW~nP=6{D&B-r*Z6#C$69J13TG^6DbMOO9 z!c($5e~2CopyiI~Yl0cWh(HM}i3>C;EzwJsGx*Xdv%Rx?>9QH7R3YXR@^-SG9zgNNofsZT-INl zj95lIYVuMviv zn(r&kdW{>iWU$Bw2pVPSJn)uOM`dm`8W5^1IgO>a_*9XxQMM3ygrhyPb;k7I?`!Vf z<-wrW+hQ~ydW}C441}qJsF}=BS$Ap^Yy{0y+6Q-v!+NM^;rLw}FEwCSe1W z(eD`D&<9)HIdcaL@FMhAw3d41fdXI`#u-MUU)Z-(fT0sgir?o7qKpbRW6myV8YdHQ@K)jsX;c4Ki=@3rIBgn1k3LV@=+~jNfNmJ#zmc zyx89?Kot}Iye&dMsQmYo>9F)})UXO7z3A=){-)$QY$C(1&R=F;rt#YTads|()3I#a z5pFcF-()UIDp}G(j6C}^(Mv|!nqW1a_ZWD+UC6c*UO(PHWY-&lF4+DUdFt&|;WQ&! zA=wV{X{5Jqp_=H<*9UGq-;@cRqix}+8?hUWndhy;XVW@%cCs>m*$<{I%n9Z1z4TO= zR;jO$G|S0TMvsrDMvuC{qQoV#y>t=JiZ}mgzQ2@;w8OaN;#D+&-(E9_wuYg;(f)4> z8;7;2$EG-6u4{T0;JXMT*A62i<8`5}*A`CX&-qAEM7;xY%_Ksw;TPvd(qu-c1u6ABGLyO1bP5D5 zT0=ye-lJ}|MuFRT?9UH!quj1hlxp7l?`qkz8k=+xc&~pgF6FCA!?O}{UdMZ~4^NWh zZ9t=$_$NxaiX;d@Ii*a>Bv0}VCH$WC>SSu01dFuB8r>Oq=Yv@gLRx{jbYqWlOM{(`ZFpbNWL{zD2QhXC@LrvdYcU1aVoxRre;Z!$|U`$ z*qDrE;APG);r>>S>;CKCAV?oyGO*@Jz)~PLETJan`H-_soIvCnu5v_L+l~(t8gD6b zk`*042!5(W@Ufpz6ZoZ22v`(NR&aHRK3ynm<26~*Vh{L!;YjC8Au&HgG31llKT9@cQsqhQ zINb?sE&f6?MTo=OLzHR2n3u~d#tj|Y^^jw8UhT!){Bc5vv&pbI1beNORnMh#E0_Hq zFA@{2bX(aW0AzwkUL~^uR>N2(2+d#@l8)}rKA_by#&_9?WO#vsgVtPRVNQJQ2qM{? zt?UhmEaYK{Dy`Y|JUa^BSwG3^D$ zsiuwq=&Sg@QFt@1d-N_Cn@?{QGomNOWa-a^JS15ah~zgfGNOqPTX~K-c-iknz(s6s zHkHycWk9e2n*9rqWfuS@$D@MSWv0*5a!K*PX~qV9N8!c-&X_FZ$~#4R(CEOLwG*Y; zez_F-!CS5#B^bSYqH%VdEIryGesn+;GB2ftO6V+4=`4#0B}}Jtb5eB7vCps_-*zx? 
zVXUuA!DGN?$0W|d4;KqrKZ1$+dRsNOPlj>Obg~bn72?80Tm{=gWx;I88WGG>D2EwB z{){$B^PMQ_sPOa+pGdP|WHR!)p*09*`=y4yM_M<%Yi|CGH(vO8@H3I^Pi1@yf2rsM zK2qNf2lISaZPF}Sq1dUu-Yb0UX-Bn=ByFKbHV+bEOv}%ps0hqS&(*lMywjHL5xwU6 zigF+iMGYxh=QxRzYJFm~NbaJlx@5EV;W0A?>>6*?@`#JV^`u~z<(6g|?ogUxlDt&I zSV>!FnN0Z)t!k>+whC3~MWJMfJY3udvCTqY9Z&9j_;7=o{~a#2rDal@mE|wxJF+0k zzvplUv$d0+%4*udFfWf|aH{BIY8o%*M4O8F_}M$wk-*sPnbNC_7`MhGXG^-94|@Sh zvsz0K6u(gCX$q<*v>exL!3w4?ug&iUX_s}At(oSt0cg&!3PqMVY;u-(5a}rEw@*3d zB^+T9Seq+q%oGBBBXm)YbOfpl?E7m%Glorkr8+Ft-%0Q~2YSaVi9ice2)He(o8*EO zPK8wH`iTm{J7rS?Tkdu;%q&hLHM6~jw{K(BPOb<&E%7|<`Q>q6&*FA#qhO$RDVt{y zggta5uq!PYSpJ-64Kha(#>F79X@lu8vQX^Z2K^H7vHx1C&i8Ruu@A?Cky3GmNq}e5 z_7LO^Jo7EZJJ5b#9c-lXY17++%h@BR8{Jsrr7SvmpRJ1)m_ZNIrxUq?!)XJyt+MRR zF1T75aB{w`b)K!d)jwCmBc?pk0OzOMu8nP=tS$F2W?p4_)*3vgliQDE$aJ1Y`NC0V zH(7Y8oH5F737vj#Dbe{~>Vk3EwRN@TPMrWd8AkCHN{ig)NIrk5%|1*C!uhqFS0^sd^Gj> z+U2v-vBljpmugtu(6gpwh*BH&{R6ELj{A~_XiAr!1v^f$5`8iuX#X$3=<|O#Vb-sH zJLT#KJ6xJ#Kblt%gEnYNhMuKo#MV`yu?>XiFsnVC#%Xa zbN!|JsY4PHK(J$qB+C+3!WHc8N%+&P0)WOHIDBm1m}k* z)L}$41RYZ8j2VV2n{W7kJ(yfbL{ALqgx12^UiBx6+5K{&X@+g9gWHWTa*| z11J&heg8g;R5!dcH@%LK<_ft zfIu;>bk%R%f=+)4Ip~?VXwVe44-~I)%n51dw!`1PH?Gz)s8kBCjs9Ty;RSsZfm%J! 
z${vkESV_wad73$>D~VkA$P_(}E0~C^QmC?ZiqbwIF_c>=3Y?zRiim{dV^Wgoz!>M= zW8}DLq`ov&8M_n8+lOHFGQ}=ef2{>XVrT1s$zH_ve`#YzQj0G$O=sklTr0eUMFG4?hl>Pk)M)JWeCIFz*V)4IC1C6_8&&emDBDV7GW(oYbMXG$nc==OHA4_qYE~ zaBHT%-nYS2CsN9Wg0g)SFE!DNH37a-avvD0o$8`zB&r2lx)Qr$sKbb*>Irqupp)F6 zD)O(9w&Sd6B|;9K_$VCD z&zUW(j^>5aw_bvzS$ajp>^-HGOi-IcC_BeF9uEvjF)JqK0%8EASvwhjs8KYsfohOH zSf?jR+~OBwD|kEOe%lZofL^}2c%PVNnB9elmQ&fkz+_%lWnJ?+(Frq0Wq^cTl8RPB z2fUCvxiKD=PaAOI_kLhey7{5wxHa9mNy%^`ba^C<+!Cx?K# zeE3Vk;wv9dUweAmK~4-aW?pkpWBP8kl9Qt$nGXMC=Com)0sMP}mUUC3oRueXoY14h z-+G4UF$XOQ46d&??2;cDb$5nPS{*)H@U#Qa#vqD3d{PMYF9y|oW&;kht`i<{^M0MW zGvQ5(VA=aZ&+H%gU6%g;v8L*28{#n1ti--m)-5l_K|%G3P-tNlSytm}Pol?k;gbSc z*VeKLZww9qjB??r^Y<6eKm5jVhv%)3&X6mz2|~4~)Rd&E2Tg5-h2IzfRCjaP)%UNf z2;gxJbi8CHGdD^_S-xT7M)OhAiMb)d$jVl%SGBnA>}URlUmII@3oAgTvoaYXIMVm7 zSz5nQ_j#0z6S0R4Qm`?02j@gie^GkGNWDmB`#p**IRy_f8_91}0yJcVK%!|Mbx+;Y z0j`3g+yR>W!cpVxxet||TZ4l`ZzErTUXj{~+k?qj>zvouU%C^2KIn^`-2Bhi|7)nB zQ?>f}B?ZpE+||J^F6ux8q?aV#|H|O~-wC{X&ON{u7v|8SDe5GMMg#Z8zY}=BWc!u? z1N)%}MtkBZ6YrUFgOF2H`>`{xv?CG0AgJ^7DCv6ru>|7mioE^?gjwfK6k z(f@xQ|9_!Lh(Q_+oyiv8?vDDMi3uVk5})4~HxbP!P8Td9c_fUUtymtW5ejT1H)fU{ zc>TV;wk3Q8qZ9h$8T}<%y2JHcXe|o4#1Mjx|KsSD&0;k7Im3`lA#|53a9;`QT!$1O zj2~CaxHxRuRcsbRHjnSe1_&oRHV;(}6(g@EgBrVZeYqqs9qS=4M&ObL`B~O76dCyZ zu)fG2*%D6~e9shjt4?~H&$sy6uJPUfJpSLNNk6+1822mR{n`B9)j}}kHF5WD|MX8K zZB&A^W|@$2OhuKsd$E*a$?3HEOp8(h`$9oK`gi?TZxn^I1P=XslclW(x-m;sIk7n? 
zSs#bpctKP6-dfNvVBm;(aLA+O7jvPGDRKt^?RsafNabDm~Y&J{YuJH0VmBt2{g=_o;*r0>3%hfXZ zx?%9NHWA=a17aH+Cg`+HsUJ8;qdxw8^H@^6^@r#T8O4QRHBJ~5<7BZsV(i`hzVfAs!t%yLBDM;=Kj5e~phw*uP1g`enU*9h;1g1t5w>diO;4 zc>8MT18T(EG!_YKZjJ8GT()QM#To2^K>}PPJnGj~DGW>SkbO@jTuh}A|CS@s{1MLk z(IkSu0L=VTg*D5_bQA=jSjYmu>1uH3gZ}zLSQ)d@&?^lb6g_AkSsYkJi^Ac%8IUYQ z*D0T()JPgG{IUjE)G@;kmJswg@B68WpB%&jVSsrF>g%3Qt$#XL&^FwwIx@Kb{zgZJv6#SlKDg5Cjk zCVCi#|0Lp^rM-UTv6T9DrC)mw;7Qka0}3=-Vx~4ysCjot@s<|POQ(#X%W3}=WL^`o z;79PmHE~E^L!dSe7&rNi=m&AGrv27*>Vk%xf^ZC0SNEfjmCV4;2r$m?kb=cE&+}c> z<0nLP)UKD{hk@TDqos&#W7oe(55Dp|#ZYJtXOd`$Z+v{_n$edN77lG`wk5dn7QMwh z^gjBil+=5?%5>sEE`or2ylw%xi;%c)17n-onG%5i0@MZzn|zMQGPz}XrVDlXZBT3) z`1(JMzR6KG5m5FO-38BkoR~^C0qvGOTPP7{gQfohh(}&5s0o8hGPa{$aXN1PX~3>9 z_Hu@LC*(Y2a%*FP0^8+}e>X98vVH<;O&uO#p)bWU=3xVf6o91>C0{q59LOt=r!=kBOHhRZw?Z)y8!4yDIQ=&FhnU7QIzYK~xP23UJ+-B~_!pR(Z zYhFC;@xLvf9$In!0aU%KiazwP=gog4IN%DN{0s2I;?Wn8Np_)5x^jb^JSl9NQf(tD zJ5MQSqj-%|QVhM)1Y`1d_MDu83?w)EBz+4XyiLjZDEf0|$=B}c)o(j?Qn-mNM={L4 zq-l?|L`1+tcj;y9c2fi&3$_vp-~;>auN^J24-(>Hbzgs;O10Ov^ue#XohZNX31aUf ze_$?}`}6H((5Xr~O7_2gKMei)vhWyyllN%X@_hN{)qqwcqZ)nxWIA71qCTm`ZJKfQ@iijU{Me#semWc0D1{AdsV z2oz4Ga~zUsRgX8A06J>utiHi5vS#-Dfo!1G`nK?iDe%48y+WE)YXF0pJm-CMAu>^^ zCN<%yUp8iS`4Mo`%}t&%A0Y>emYK?h2cJeTCInETdx)}WtQKYo2wT(*>rFyTF@1?~ zYiR}WO5ihS0nR@i(#(Z_X+T>57qYbiSQUHm|9qS8d1j)2le;UXiVZ(!XqhM-E)y}5VL%&Y!2qQ|O`h>1iVUiUc{ zU6E>~u$)nlyd=EX$y{WtFr3{TF66G@puElQ?hxNL!du)Jw;b}!SXc=tF^{zFuSObn z?&uf$d{6O8LQOr_ZD8tf85w~C<;9qplHUXkcEut?Zb`B=$NgS}K8kUg7qu`*;)ezu}Gzy0Gtw5!!u4&FM0Cfa)X{a%E%7+;YV*sK_p{LZ z;6KW@1F@9)7;HcbJs$z5^Vd0wNz{U69;)txv$WG;@M06-Q`r5snlrkp@Js#oo~!Ha zhavLTmgZW*1=IHL$NikkYK5j>F03fDr7Km%%xO!%QuGl1$r|?MorsR_aN~T>6?glV z^!O{^VxV2){STXq{LwA(jKTjq9+Ti10O`C{ZeLdD1B!rDN(URy2^{jg&UE&yFEtVy zj*T83P|j&2v__3ChsAf~&7Rq&v0kbFDfoiC*SRGGt9lt+tOf8YpMek5$Kw@GJ4w%! 
z%g(scgadRjjSwjArCozX9yTGFesZzm3l<5Blekn9c$WAKuwLY|=fHn)b3tW6Fu+r# zRJVV-U8#g%i8!3_tvT^+k69DV8d>o2xm%hd(Z7bVk0BTOHu3<#tO#qEy$S& zd2uj+i;1LQtGTq8fI@Ti$F2M)wcMtSyMAl>UO#Cbhk?STJdBz^%m82!Gb(>?398dN zphV;^Ks|bQgVg8c55hy7u*%SS-zOjiki5dI50{X9lIrKT8C?S@+0dVn0A(Y)msJyD z^*}UIzs2$%tj8^*fK+6G3g)|Wv%ngGz*^~bq7hT3JIKy5fIMh^7x0;^}F`kTo{7x~iK?!$MbVt2E~ zU!txvq)F!zBs`G&bVNnnD5V@6kw-^cJJXu=kXc2h>d5bUzzHH2K`(LGf%NDrZ9L;q z-dm3^vBJ3p5*tGtWkwWXPgm*FwFz253r%_bWBgIHJ$f(J;CH6Vo@;KR2AKdjg z6|-y3YNzB~s(&SGMGg_wtQMT8V`4?9e>#(Xm@ovOQKDR0T>O~KI0s1rLXDrUj}Q}! zpHhmheoViDpT+mox-2=OYbzXCrg=Ak$wyFy{GPtiTL-ams3)X(hlzBP3@=2o>$U#9011(TP3VV$ zb5+l3o#Q{WyK4ndhal)l{sh-iFayKK>i*nyKY3duqhhTEP&R7Mt<(|{IJy-%#rgKqm(DU-^0>E`@<#YK1Z8+ z5+Ko+AneY}@dFR#q2y2SipLPe|K10{AUF5wWL#9`TOT4K)?ixw(=L73#a{qy;SD8? zDA|y2gD+TyP+!v!C_QOb5r~>5^P`RUc4XtSwF4>8_E2f94AOfuN>}~+2Y`RcM{LV| zatj9&ML1D}!7;qYii@Y`i{M}?8J_F9vvM#o?9DD>zv8yeadT-~mXGxBzEd*Su{!38 zzR;HANX#YT&(scZW#zW*mNyjpAoI0BQ-_g*aL`X~BwaNgI_^Af05gIPR#(laK$@+y zY*s5~(--1`%%t`1;L(KhZHRH4{A zLAg~Mp868OWQ-(Q##f;8ga<43WVv2S%i93=??PPbE`C#XP1Yg%Lwr0m=?Oj9dKyTf zNyya=E-1fvQ{|7e4?e|9nG!^rDBh^Q9|g=E^{C&XKDY-yiM$Dxd7;y7-UX^IHO6}u z`0TKA=JBKweKZN~GDe9LjL`^C4M653sdyJ{V~~v7+>>7D4UnY8Bb$OoFB-+97mg4V zat}wjlltI6ssYp%UlZ9B7gF&jdk8+=crLmqXMgFRwcbxK1biYx18;@4&1>soYJljd zo!YLhJxa+$5e$5we>Qv)e%-+A^A>FN_F=kQZ5vsFD~%->_A)MD0~9Bx2M1dF5LB5^ zgN?aMe9hu;VEM{Ik%y5u0xh?%RKi`9uq&#hB6tlE-p&+`29z?a30O6dn_Gq!#Tb;dqlE`T(J^GpMJk0g;oxx`;6+S5Nt7(hv9ge-zN=&Q z9Rivi%#H@=th>mMX2eN5oa3U0jSQXqP2PBX!wJ3A5EQD>gUAEY`SYa7J?1#qKdE(4 zN`=Y^y>^dKi#Ku*0*wBuFv9?(YSLO&?K??OV6AKLj3-68tji^bYYaN0YXH84%HN;= zgZ}4r-YT-Sif+Ud-ae*tkZ$1W6%>SFxiQtS+Btqkna#seQmpy)URse*3(o@No}DQ? 
zF&#s*56bS2XnOZHCv&#+fT8m{(c=`SJq||K%&k(`u5wcH($U%c@%y&+6z(ON)cFbSBP?%EcA)`}V zh*oH&)1A|3E7>scgDFzIsDo<=J_2{EyYVva`Q zqrEJmXn56Bs-%L)+vl&iB~0yK&u@!Sey(6t%7BN*%(>*A;4s&yAu0nB11^B0i5Qfoh-!F z?kahfc=w%Gv0hN5#C+GOlRC;T2EFR=4F?VX;6bK>D3-_JX$YHjXe_5Q_-Y_@8$!TWcX@hBiU83!2WH3#?d}~ovz1Kur4R^|l(@A=wd=em&qPx= zW;g62)r7tI28;;TL2$=^=INkBK(Q!#QHpxj#7QMVV~P$>wB)1ivj7%|kgVAc)|&+N z((jm0y<_AfpoH3(P8JyaQjkn}xeL8dRTj@|D4A1TUs2MjVlv^}9FW zdCXP+V{$9iB_-LOR*Gl5Y6x;J#h%nYmO+sQcd=3?iOuxz1@}2pWs}G}E9M3sjki}s zV_BV>=5kd3DMq+-2VE~(FR3Zf`+k%1Dgw%S3q4vep=4N60<}nt2N?ht!7M85_dmC^ z^Qj|sN36G&#xAFqy&?5=Mdt!ujsa9;d8$(X!gW9t9$g|OIhMr2u{FLqnl8kUi41h;sVcY5nx52>^~Rwm7y=_R6T?n0Wqh>2 z*)}!Et)Awgk97D0$-r5AOD!%QbZK3pi}vgd^1|TEkBeS4sq5SOOc@zeD@TZOXO8y) zYa!-_V_TYx#f1y{id{g#mI#`NkT8ElMhDfx={&{0=!vG_@ppCCcG{YQoBMrC#En*@WsjpQul$@dZ0g`ZUK7oVR5dS8 zpDv*j+<3B9gMcE5ww_Yc$|#$D8D;@lq9$t*HlDO0+I3hZ2`9K85YKwpuO;j5DJheQ z_7xT`Ng-^?twc>N!zAS}4-T6We^kP+cTePW?)ZIWPwP?Hs%QD@XFh2d<7kC>KsN}MFQz9OVZfO#kjj8>Rzsls#5Kc1INe}sR_m2*zZPr?rU zwVRwuHn~c|XbN;{nKp6#7$F#;u|ue)6|x%b+h08^gwLN#Kc}A-@S=HKfB5Yg_#E{D z5KhE4j?EhExZb|o19r>7yU?j#W9L~E1tB=0Sia`WbE1s1Zj2FJRd!F>C&rx>G}@lH z@9L&-y?C@-Q4HTV4Bwd<$nzhV(xhPSNL*qN-6AJB=2-z9kbG28(?mfb0o1R0*#1Mta6YREwvxo<< z4M>B8!*Ed8PbF*>21H8ZRo78p0cdZ($?Z-OKe37$+xyx!jaX<*^`=3#r=JiJKsYmm zEgTGdM71l6C#Ul77wHWzjk0Q{m+Z&oO-l|b6Oi88?|Mn{mau zdxRRv=-%u{-t}mS?pz+|s(Gi2z9dIcoq>%GdD4wlZ5pSXxB=9ye+zd8K>Lzd%f*TL?Gjx zk~RrJyX{SZn9DK9O*Ym&^r{&M+bVD&3x&vDe~kc%AVb})j8uRmgSq*kX$y#-21-6H z-RShn22cy{;^r0}WkijHl3}otg<=-)S~HVU>m1h_hxV|q@`*5i)Lcfen1M(Q^MG`P z!Ys5K6vzbg{038|wpZbc%a-*8_KDQie`J$f0XBSCZ>>rRG(`GEI$hC9N?gB23w_d+8U{JSCSsw;Z+L+a{XC(wYqn zwCagN;H}nvQEM)4-WS_HG@zVokc>y;0J|SeW3C8abYuMPivbJb<|koDSrfxX7!n?r z%Flz;bG=g7$CaR@RBDbSWhV3w|BZ|-qTTBl>Y5d~mhH!pa&ySgZ8KNTmlT2)XaX{D#WFRfiA1j{egfGSYARK6{)`SD744CJ&29-zdOR+|_>*@4h7 z0vAcI2hZO&9oS-)v2LA$*!e|5b=rdbD{@fg@($q;thcE#H1b~LuDqE$o!BYonK`ml zgfg@zbywxtdv~i}?+9%v#q6{$TF*&NeX|&=d|%|r(&I9a2{jfwBFfuO-R0!-?*!L8 
zPTSt;f@51ce|$Mx1ri2%KB_w)*^>G3Z4i2h692Io1eK2HlWHpyi!?aljSvz#SHq#HXlm0aH(S9Bw2vxhcN|mD~N=D{I5Qtbv{&D5&uOUE{Aah{=rbB`cxw|6+CI?ds!1ATa3gRpSb$%pY_JvnNLsvnEc5y>N0 z&)6K6)~91sY7MP(75_f%BE+8RE=&%s{k|?0N-i3eOivn`aKWrle4N47smqCh28F;J z4C5)AKSWq)z~F?2ntTwc<9g_nJXkjopr`xp&3$`0|LmfTwPuYCwFY_hcia_ipis-Z z86>Ir7~7!`iVlFRe*AK-^*yOyv~TQ~aQ~n{wfsl=3LP4EpH4x3Q;a4{0edF63jkOY z00=P}B6dRxS2p`FhchZMy`I-E%^<>&tP8pk&Ig7iMej&5^=MwWk57d{$*in;aTO_h+c7N-cmhm zb_URR>9$Tj?z&oxqKt;Ffu#{qDqFOZn@1D&Neq1-wVG1cbmr%7L#ZghgekJ`2Ka-x z$D9HRMHR_kfPEF{9h~w<%T*LjFwi;l=L#xj$!AW2T_Yq1W7lTQG0?;(2)RM`J8$fF z!l0u%AL-u7;X*)+L(Sn_|DwE(YxQZSVv_}Rw|TLw3+8BD|w^GAdlzcq?r#& zd?zSHb1BO_9W?nX$g@|Uo49bBnK6<%bEdL}Uj%!@=BH2p3=SEX&~Y8j1UI>vCjPoS z0ri*B3YHj5@MCmhskWA3?KF#x1hYFOMmsvwn z!v9}^4)#Y{VVGVLA+>N9JRg@f01U?bCHS%GH%LqmwmE{Svw?J*W}3_}zyiyc{6TE3 zk5Y13m|idDSbONCWjAC;nV$2_gUL8l24BX<3D2<5-9HDMn}Qx8##d(V`xl^iGq?35 zLo$yh86{4LidncIaEc`IyFwx*k2ZRvNI8ZhEXf^VpDR|Hu^(MpIQl-RR1xni?&;Ix zHQk@uHB1o%s)wJQG9}Uz94#4@mNP&QO#&U74<%e)p0S2>q@^Xa>^uDMds;x!HoN^_ zfSZgHmp0s_QgIjjC*ZAa}w86=_a+a(%+&3EP^ zm`sJjLTvvh^vsg|kSm)s^5l^k0z$lSHO44Zh90EScks_^!6W}fYFqA3#=hCG)M?R$ zGE??`luOA8+#2Oe0qInS8R8B1ei?q_f!aPz)q!s70P2C3wuvxvL`0c{Tjy$b6zuW# zQG`zU3X;`jUm_}xKJ%lDn)dbA$=K7WI|EPIFUi*v*-@OoXLcSAETHpOyOHWABb{d} zgY*zzk`UC5tjH+M(JPAbGpk7l4{*JK=_)0=-X!L?z_V)E+yZTsozf z0yN6;bJUT+#}0!eT_0^qQjr_OyZKnj@mG3Sqv}P2hyOXIbzM_gYcw3mfV^`mUHmue zZ}Xyrjcjv zu6r^4nG5N|n9rP8rcMlAF=HQp(5fqMwB#48*#sOb8d^DI%G|i|GLwAMDMBr`f_pRt zLfnOL)kN*s)On3QyeUl?B95Q;1I*-~pp1(g>{idl?kPIeKYT1NYW*bo{<*(IiBtWGnE zLK#AYjC9CoWiqk>0wQXmIz)!`lEh6Lugu_#Mx!Eo;G0dppTrx`*(%MGN7{BO!Qp(X zb~-R!X)y_4SR_Uv-xcmt;V6Y%n`wna2fHRZ(MTF(e}!NvMNLDNq}#*cBTougz`h~u z1C2;U{>fDvCi|JOM#*cO!uyAv zpP(VgoqIqq(Li5`Ri|Ihni#*Ow!BQqhx3SJ)>8Uj@P+`lM_w6$^dznT6wCJfn-EWx z;}BS|NQ^Nxa%BB|XJ14thPQ?o z0M%9dvfUl!5avrF@(kq(hH^IB?@E3x%X>)4*eDX$pUhg$_A9*}V1TVBNU9JD(DbBc*p7@Q~GM&@={0|aYOG$MZO2*HUjw#55m8OZ+?~0oE@0L~5A3WjMF0p$QPBAOhht%>;Of*s&GD8(iOeT4NT%5n zz6bRvx>h5{FAN0GIdq+y-twjNMQv+yJ-#wASe?D8iUzlhi@aCM5tg7W3;GbTn_SbiV-QHCu 
z;38EzVyFTt1Q1a`nius7%5ryhcewkw4?FwxpE)z6D%tb z$GCBpEI-&mHRYvFd3hbqz4alr@wfLM<5iRHqLN48Ih;cNP7@jC{N+5+N`U#CLB2EP zr5g&fI-_&%s-((u>PXUrk1TD9tjBPvD@c>WWpmBrbA?4XYmQucce(tF=Qv-Cuxw0v zNbEyCuE2+pSY)CvJp=Ar-(t{tx0%&co$yR?cn5s4J<;ZgXys)#Z1~r23awZ;1-=Y2 z85Di8npLa;v5_sCtR;v++g0$@Tf5&g+v*C~^Z*Dy7!Z>pge^RF-j(4uWO!{UhS)1mn&@BHFRz6bE`RG=gt1Ydun6HL(vn5OTA|;x@cbWb`KEy z56i<3*gyOsT{m|<&2(u~L%?dJtR}d;_lB*q?{m)GQAUr;vCo^$Ge?LNt?l0Ir;$_< z%i0kix8-eO(KI@R*`sLP1hlUQXponvL5JDC;4%x@CbxASZl;!KjX>aQg>Npp_*)?>;*+x3EcjJ`D8ltloxu@NLIrrQBxqfg}h@;z(p2&OGmp(jS=>3|K03bi(k4yFcQ zP9ZBNSldEbEF{hMR%#p`-x?0{I}cp`qH^8*QyCO$qpqMRim#S`nISclb3e|zhcI1f zlYQJdW}Q^$fk8r^NFdbS7*~FORGpQWlY{8qS(4SVGve*Q#hN!sbh1Y+3L2mn@0h0P zTNU9X`H!MbK~ZFnw3|sYuBIOKm_+0JdupsWkIx0&XR$rG2w;LH$((7NAsPNovV1Xd z)R4dP`a%IXMV)dsH02QtHPNDio$GiZG2I+HL@Ps`vDjI#JVGB3k&rp|A*Qf}p}|8N z)m>r3!3@1=^xQeB8$-e5#j9IxCUH!QJG+>QOV|ob;!yK>8myi7k2A~BRZ(x;?wAjS3-2B zV~OA!Xy21rNi#yaA;2>GD%Z#TCN7*-FCsKL;F4zIgyEAkqh)z;L(N7s;P>_iI>|dT zQ88=BXol|(OSF9NydHe{5yq&LiLm@=lZzpZ;jb)6<-m`7$@>dgJOGw%5JNj_HV)oF z<}C!-QzWv)Wek56(9_Vof?R5e9_0v934|Q6mcXUaN9ai$X@^&{JWgcC{l~-d*j7T3 zh8yAE_-^1QsePob_clbQXBIsR@FlZdb{rMb1rdTl4MeZDG7Zyq(0&tPiL+bdnz>Rpu|{3ob1xwB7|q|{KEa^OrlE`?o>iHg&neq~&APB|5Yb^918y9m6?HM1}FyNl%E4fgKvhmDkHJgYDC;$fX%bF{7-fL(H90~ET3n7uVLrC1l8{xeP8 zfIRfs7?zc-Crp7NzNEH#?He5I1f~BVW)c}TmK&;XJ)K)UHvKdm==eD`aXZ5!Qe6$M zmrBIO>r4%qk4m5s`>uflpr8ezO5Q%aFzM}4OGir{LVHIMV)=NB#*+2s+IySz(9PTZ z+x8lO$>)VO{@AD9u~lab9VG((N$LzvR=o;7^ycDL(9H^j`FPmkPpv?qb58x>Rfai{ zd=fHKht<6Va_L!N_5xQ%CjN_utvLg!fa5GGUzo8zv&?+KQy(tFf5gO50D_ zdgPBcW~srxNAB(G001ewGV^tw6BKQC*Ets3!y2i2GH5d0CMb+2p=>z*w9gKI;@Js70XE z!n+<(vo8COPJgaCVYKTvoIG zQ4EJ;Z<*}vQ0py-a4lQG?*TR(&ff!aDjrLp>6!hRd+-sr2XH#rsC$5k#skn`A4gOl zI5+}`Q?|sl~o^ggh(Fv z;ZQ9j@o}#Acx%AV5_|`VVjsD0YTPFG^Yk}bxLSGiKgdu0R!b>^AZ4Z#Ha|XH`$m7j zPTHB{$(SFNhgO~ZU2W>Gu85J$y4JIvm!;55{u~j#QC;MjB4Fgxsfj^eGLw%CGxd}= z_@)u7@yj1}$3OHJVr2LpKs9^ak=e>I(BYr|@DL=VHW$%eyF7e5#JVD z+Ydee4&|<^-ZwtkuzbmDk<-!VM>&J#VGuqwnZ?~O#>GfdTzVC6@tE@|GTt#x>D85- 
zXInL~8f2BnkPewb59I}Mt_o0Mn~FDPM-d_|OQ$yL*6{A)R>e7n8i&Dr`sya@gp^ zo0IDVP-8I)H{Q5-X=ftis-jJa0k};d%TR%@_N#gxF?NChgMDBCO245E>}~evYm&D z#n@}Fn-fL{b2f=y5=f)Q;g9i0%#`z4jdRKuS(E-|Vw&B)r{mil*L4X`hs-VMyqOiu zOI3|oj-zEBm*i>~DAlIp zUJQe=(Kl`+V)$Xz6}RkYp-#}yR{d0sc@-7a?1(m;gFKUIId2T^!&4Ke1Nr<-eeR_Z==l@qFp*iO=0vmy*7| ylwQw2KCAE967lldX8!LB|I^_v;Q-^`$mR56^DMmGe_3>iH`*8VKo<@6rv45>53M@@ literal 0 HcmV?d00001 diff --git a/mumble/docker-compose.yaml b/mumble/docker-compose.yaml index fbe15dd2..9f61535e 100644 --- a/mumble/docker-compose.yaml +++ b/mumble/docker-compose.yaml @@ -18,6 +18,9 @@ services: - MUMBLE_SUPERUSER_PASSWORD - MUMBLE_CONFIG_WELCOME_TEXT - MUMBLE_CONFIG_CERT_REQUIRED + - MUMBLE_CONFIG_DEFAULT_CHANNEL + - MUMBLE_CONFIG_REMBMER_CHANNEL + - MUMBLE_CONFIG_REMEMBER_CHANNEL_DURATION # All labels are defined in the template: docker-compose.instance.yaml # The labels will merge together here from the template output: # docker-compose.override_{DOCKER_CONTEXT}_{INSTANCE}.yaml From 7806a6ca9e26d2f6ab1a4781038662202e702b4d Mon Sep 17 00:00:00 2001 From: EnigmaCurry Date: Sat, 16 Mar 2024 12:47:04 -0600 Subject: [PATCH 4/5] mumble traefik endpoint description --- traefik/setup.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/traefik/setup.sh b/traefik/setup.sh index 29843862..155d47e2 100755 --- a/traefik/setup.sh +++ b/traefik/setup.sh @@ -124,6 +124,7 @@ config_list_entrypoints() { [xmpp_c2s]="XMPP (ejabberd) client-to-server endpoint" [xmpp_s2s]="XMPP (ejabberd) server-to-server endpoint" [mpd]="Music Player Daemon (mopidy) control endpoint" + [mumble]="Mumble VoIP server endpoint" [redis]="Redis in-memory database endpoint" [snapcast]="Snapcast (snapcast) audio endpoint" [snapcast_control]="Snapcast (snapcast) control endpoint" From a29edace044d19f6003b2b989ed357cd17875d87 Mon Sep 17 00:00:00 2001 
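Review bot: `MUMBLE_CONFIG_REMBMER_CHANNEL` in the added environment entries of mumble/docker-compose.yaml looks like a misspelling of `MUMBLE_CONFIG_REMEMBER_CHANNEL`; the next added line, `MUMBLE_CONFIG_REMEMBER_CHANNEL_DURATION`, spells it correctly. As written, a value set under the correctly spelled name in the .env file would not be passed into the container, and the misspelled name presumably maps to no server setting, so the option would silently keep its default. The line should read `- MUMBLE_CONFIG_REMEMBER_CHANNEL`. It is also worth confirming that `.env-dist` declares the three new variables under the same names, since that file's change is not visible in this hunk. The `environment` list begins above the hunk.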
From: EnigmaCurry Date: Tue, 19 Mar 2024 20:24:33 -0600 Subject: [PATCH 5/5] allowlist --- mumble/README.md | 2 ++ mumble/docker-compose.instance.yaml | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/mumble/README.md b/mumble/README.md index 73a0cdb2..c0ce67e9 100644 --- a/mumble/README.md +++ b/mumble/README.md @@ -14,6 +14,8 @@ make config make install ``` +This takes almost an eternity to build, sorry about that. Just be +patient. ## Background info on Mumble diff --git a/mumble/docker-compose.instance.yaml b/mumble/docker-compose.instance.yaml index 015f9617..48c91ee0 100644 --- a/mumble/docker-compose.instance.yaml +++ b/mumble/docker-compose.instance.yaml @@ -27,14 +27,14 @@ services: #! Mumble TCP: - "traefik.tcp.routers.(@= router @).rule=HostSNI(`*`)" - "traefik.tcp.routers.(@= router @).entrypoints=mumble" - #@ enabled_middlewares.append("{}-ipwhitelist".format(router)) - - "traefik.tcp.middlewares.(@= router @)-ipwhitelist.ipwhitelist.sourcerange=(@= ip_sourcerange @)" + #@ enabled_middlewares.append("{}-ipallowlist".format(router)) + - "traefik.tcp.middlewares.(@= router @)-ipallowlist.ipallowlist.sourcerange=(@= ip_sourcerange @)" #! Mumble UDP: #!- "traefik.udp.routers.(@= router @).rule=Host(`*`)" #!- "traefik.udp.routers.(@= router @).entrypoints=mumble" - #!#@ enabled_middlewares.append("{}-ipwhitelist".format(router)) - #!- "traefik.udp.middlewares.(@= router @)-ipwhitelist.ipwhitelist.sourcerange=(@= ip_sourcerange @)" + #!#@ enabled_middlewares.append("{}-ipallowlist".format(router)) + #!- "traefik.udp.middlewares.(@= router @)-ipallowlist.ipallowlist.sourcerange=(@= ip_sourcerange @)" #! Apply all middlewares (do this at the end!) - "traefik.tcp.routers.(@= router @).middlewares=(@= ','.join(enabled_middlewares) @)"
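Review bot: The commented-out UDP block in mumble/docker-compose.instance.yaml is renamed to `ipallowlist` along with the TCP labels, but to my knowledge Traefik defines middlewares only for HTTP and TCP routers, and UDP routers take no `rule` either, so these lines would not restrict UDP traffic by `ip_sourcerange` if someone uncommented them. Because only the TCP router carries the source-range filter, a comment above the UDP block should say so, e.g. `#! NOTE: Traefik has no UDP middlewares; ip_sourcerange is enforced on the TCP router only.` The TCP `ipallowlist` middleware also requires a Traefik release that provides it, so this rename should ship together with the matching Traefik version; that pin is not visible in this hunk. The label list begins above the hunk.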